diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2aaafb3..b9f1763 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13352,6 +13352,18 @@
       },
       "uuid": "aad291eb-08d1-4af4-9dd1-e90fe1f2d6c6",
       "value": "TA402"
+    },
+    {
+      "description": "SilverFish is believed to be a Russian cyberespionage group that has been involved in various cyberattacks, including the use of the SolarWinds breach as an attack vector. SilverFish has been linked to the Wasted Locker ransomware and has displayed a high level of skill and organization in their cyber operations. There are also connections between SilverFish and the threat actor Evil Corp, suggesting a possible evolution or collaboration between the two groups.",
+      "meta": {
+        "refs": [
+          "https://www.truesec.com/hub/blog/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies",
+          "https://www.prodaft.com/resource/detail/silverfish-global-cyber-espionage-campaign-case-report",
+          "https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions"
+        ]
+      },
+      "uuid": "55bcc595-2442-4f98-9477-7fe9b507607c",
+      "value": "SilverFish"
     }
   ],
   "version": 294