diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 26922b1..9ccf9e3 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15367,6 +15367,18 @@
       },
       "uuid": "d4004926-bf12-4cfe-b141-563c8ffb304a",
       "value": "Earth Kapre"
+    },
+    {
+      "description": "Earth Krahang is an APT group targeting government organizations worldwide. They use spear-phishing emails, weak internet-facing servers, and custom backdoors like Cobalt Strike, RESHELL, and XDealer to conduct cyber espionage. The group creates VPN servers on infected systems, employs brute force attacks on email accounts, and exploits compromised government infrastructure to attack other governments. Earth Krahang has been linked to another China-linked actor, Earth Lusca, and is believed to be part of a specialized task force for cyber espionage against government institutions.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-china-linked-earth-krahang-apt-breached-70-organizations-in-23-nations-active-iocs",
+          "https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html"
+        ]
+      },
+      "uuid": "8cfc9653-51bc-40f1-a267-78a1b8c763f6",
+      "value": "Earth Krahang"
     }
   ],
   "version": 304