diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 41942fc..9977998 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12247,6 +12247,23 @@
       },
       "uuid": "a47b0f97-30fe-451d-9983-3bdc1e4608ab",
       "value": "LofyGang"
+    },
+    {
+      "description": "The cyberattack campaign that Microsoft uncovered was launched by a China-linked hacking group called Storm-0062. According to the company, the group is launching cyberattacks by exploiting a vulnerability in the Data Center and Server editions of Confluence. Those are versions of the application that companies run on-premises.",
+      "meta": {
+        "aliases": [
+          "Oro0lxy",
+          "DarkShadow"
+        ],
+        "country": "CN",
+        "refs": [
+          "https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/monthly-news-november-2023/ba-p/3970796",
+          "https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-41-5/",
+          "https://twitter.com/MsftSecIntel/status/1711871732644970856"
+        ]
+      },
+      "uuid": "d1fe4546-616a-409c-8d2c-f7a7e0a183f8",
+      "value": "Storm-0062"
     }
   ],
   "version": 289