diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index e3ec656..ae7b07b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14859,6 +14859,19 @@
       },
       "uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb",
       "value": "GhostEmperor"
+    },
+    {
+      "description": "Operation Triangulation is an ongoing APT campaign targeting iOS devices with zero-click iMessage exploits. The threat actor behind the campaign has been active since at least 2019 and continues to operate. The attack chain involves the delivery of a malicious iMessage attachment that launches a series of exploits, ultimately leading to the deployment of the TriangleDB implant. Kaspersky researchers have discovered and reported multiple vulnerabilities used in the campaign, with patches released by Apple.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/",
+          "https://securelist.com/operation-triangulation-catching-wild-triangle/110916/",
+          "https://securelist.com/triangulation-validators-modules/110847/",
+          "https://securelist.com/operation-triangulation/109842/"
+        ]
+      },
+      "uuid": "220001c6-c976-4cad-a356-4d8c2dd2b1c1",
+      "value": "Operation Triangulation"
     }
   ],
   "version": 299