diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c3676ff..91b2094 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13000,6 +13000,19 @@
       },
       "uuid": "615311f0-58d4-4d1d-ac86-6ba86d119317",
       "value": "KAX17"
+    },
+    {
+      "description": "MirrorFace is a Chinese-speaking advanced persistent threat group that has been targeting high-value organizations in Japan, including media, government, diplomatic, and political entities. They have been conducting spear-phishing campaigns, utilizing malware such as LODEINFO and MirrorStealer to steal credentials and exfiltrate sensitive data. While there is speculation about their connection to APT10, ESET currently track them as a separate entity.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/",
+          "https://web-assets.esetstatic.com/wls/2023/01/eset_apt_activity_report_t32022.pdf",
+          "https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/"
+        ]
+      },
+      "uuid": "e992d874-604b-4a09-9c6c-0319d5be652a",
+      "value": "MirrorFace"
     }
   ],
   "version": 294