diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 39e2c8d6..87259aa6 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16068,6 +16068,16 @@
 },
 "uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998",
 "value": "SEXi"
+ },
+ {
+ "description": "LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised RDP credentials to gain access to victim organizations. Their post-compromise activities involve deploying MeshAgent and a customized version of QuasarRAT known as PurpleInk to maintain control over infected systems. LilacSquid has been observed using tools like Secure Socket Funneling for data exfiltration.",
+ "meta": {
+ "refs": [
+ "https://blog.talosintelligence.com/lilacsquid/"
+ ]
+ },
+ "uuid": "efacc258-fa0e-4686-99d2-03bab14a640e",
+ "value": "LilacSquid"
 }
 ],
 "version": 310
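Review bot: The top-level `"version": 310` appears only as an unchanged context line at the end of the hunk, so this commit adds a cluster entry without incrementing the file version. If consumers of this file use that number to decide whether to re-import the cluster, as MISP galaxy tooling commonly does, the LilacSquid entry may not reach deployed instances until a later bump; changing that line to `"version": 311` in the same commit would avoid that. Separately, MeshAgent, QuasarRAT/PurpleInk and Secure Socket Funneling are named only in the free-text description; if matching tool clusters exist in the repository, a `related` array on this entry would make those links machine-readable for correlation.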