diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2a5d7dd..bcc884d 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5631,7 +5631,8 @@
           "PLA Navy",
           "MAVERICK PANDA",
           "BRONZE EDISON",
-          "Sykipot"
+          "SODIUM",
+          "Salmon Typhoon"
         ]
       },
       "uuid": "8e28dbee-4e9e-4491-9a6c-ee9c9ec4b28b",
@@ -7069,7 +7070,10 @@
           "https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader",
           "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european",
           "https://unit42.paloaltonetworks.com/stately-taurus-targets-philippines-government-cyberespionage/",
-          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
+          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
+          "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW",
+          "https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_2_LT4.pdf",
+          "https://thecyberwire.com/podcasts/microsoft-threat-intelligence/4/notes"
         ],
         "synonyms": [
           "BRONZE PRESIDENT",
@@ -7080,7 +7084,10 @@
           "Earth Preta",
           "TA416",
           "Stately Taurus",
-          "LuminousMoth"
+          "LuminousMoth",
+          "Polaris",
+          "TANTALUM",
+          "Twill Typhoon"
         ]
       },
       "uuid": "78bf726c-a9e6-11e8-9e43-77249a2f7339",
@@ -8103,7 +8110,23 @@
           "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
           "https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi",
           "https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf",
-          "https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists"
+          "https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists",
+          "https://www.fortinet.com/blog/psirt-blogs/importance-of-patching-an-analysis-of-the-exploitation-of-n-day-vulnerabilities",
+          "https://intrusiontruth.wordpress.com/2023/05/11/article-1-whats-cracking-at-the-kerui-cracking-academy",
+          "https://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui",
+          "https://intrusiontruth.wordpress.com/2023/05/13/all-roads-lead-back-to-wuhan-xiaoruizhi-science-and-technology-company",
+          "https://intrusiontruth.wordpress.com/2023/05/15/trouble-in-paradise",
+          "https://intrusiontruth.wordpress.com/2023/05/16/introducing-cheng-feng",
+          "https://intrusiontruth.wordpress.com/2023/05/17/missing-links",
+          "https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Common-TTPs-of-attacks-against-industrial-organizations-implants-for-remote-access-En.pdf",
+          "https://asec.ahnlab.com/ko/55070",
+          "https://intrusiontruth.wordpress.com/2023/07/04/wuhan-xiaoruizhi-class-of-19",
+          "https://intrusiontruth.wordpress.com/2023/07/07/one-man-and-his-lasers",
+          "https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2023-02-bfv-cyber-brief.pdf?__blob=publicationFile&v=6",
+          "https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived",
+          "https://www.justice.gov/opa/media/1345141/dl?inline",
+          "https://www.gov.uk/government/news/uk-holds-china-state-affiliated-organisations-and-individuals-responsible-for-malicious-cyber-activity",
+          "https://harfanglab.io/en/insidethelab/apt31-indictment-analysis/"
         ],
         "synonyms": [
           "ZIRCONIUM",
@@ -10856,7 +10879,12 @@
           "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools",
           "https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass",
           "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf",
-          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf"
+          "https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf",
+          "https://securelist.com/apt-annual-review-2021/105127",
+          "https://securelist.com/apt-trends-report-q2-2021/103517",
+          "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jolly-jellyfish/NCSC-MAR-Jolly-Jellyfish.pdf",
+          "https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/pdf/2022-year-in-retrospect-report.pdf",
+          "https://www.youtube.com/watch?v=-7Swd1ZetiQ"
         ],
         "synonyms": [
           "CHROMIUM",
@@ -10867,7 +10895,9 @@
           "AQUATIC PANDA",
           "Red Dev 10",
           "RedHotel",
-          "Charcoal Typhoon"
+          "Charcoal Typhoon",
+          "BountyGlad",
+          "Red Scylla"
         ]
       },
       "related": [
@@ -12336,7 +12366,8 @@
           "https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/"
         ],
         "synonyms": [
-          "BRONZE SILHOUETTE"
+          "BRONZE SILHOUETTE",
+          "VANGUARD PANDA"
         ]
       },
       "uuid": "f02679fa-5e85-4050-8eb5-c2677d93306f",
@@ -12579,7 +12610,11 @@
           "https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/",
           "https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr",
           "https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/",
-          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html"
+          "https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html",
+          "https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/",
+          "https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/",
+          "https://www.youtube.com/watch?v=khywfhJv4H8",
+          "https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf"
         ]
       },
       "uuid": "5b30bcb8-4923-45cc-bc89-29651ca5d54e",
@@ -14436,7 +14471,8 @@
           "https://www.crowdstrike.com/global-threat-report/"
         ],
         "synonyms": [
-          "Ethereal Panda"
+          "Ethereal Panda",
+          "Storm-0919"
         ]
       },
       "uuid": "50ee2b1b-979e-4507-8747-8597a95938f6",