diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ec7b094..2e043cf 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15486,6 +15486,16 @@
       },
       "uuid": "1759f8f2-e6ef-4683-a9e4-44984b9deaba",
       "value": "Edalat-e Ali"
+    },
+    {
+      "description": "Saad Tycoon is the operator and alleged developer of the Tycoon 2FA PhaaS, a phishing service that targets users for financial gain. The actor utilizes Bitcoin transactions to generate significant profits from the fraudulent service. The phishing infrastructure includes domain registration, server hosting, and possibly Cloudflare protection.",
+      "meta": {
+        "refs": [
+          "https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/"
+        ]
+      },
+      "uuid": "d9709373-7a3a-4905-8c90-ba74237e77ea",
+      "value": "Saad Tycoon"
     }
   ],
   "version": 305