diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8be7577..94640f8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14420,6 +14420,19 @@
       },
       "uuid": "37f012df-54d8-4b3d-a288-af47240430ea",
       "value": "Raspberry Typhoon"
+    },
+    {
+      "description": "Phlox Tempest is a threat actor responsible for a large-scale click fraud campaign targeting users through YouTube comments and malicious ads. They use ChromeLoader to infect victims' computers with malware, often delivered as ISO image files that victims are tricked into downloading. The attackers aim to profit from clicks generated by malicious browser extensions or node-WebKit installed on the victim's device. Microsoft and other cybersecurity organizations have issued warnings about this ongoing and prevalent campaign.",
+      "meta": {
+        "refs": [
+          "https://twitter.com/MsftSecIntel/status/1570911625841983489"
+        ],
+        "synonyms": [
+          "DEV-0796"
+        ]
+      },
+      "uuid": "dd012c50-4f4f-4485-ac52-294a341f03e5",
+      "value": "Phlox Tempest"
     }
   ],
   "version": 298