diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index fb3ecff..e0a145f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14968,6 +14968,21 @@
       },
       "uuid": "4e137d53-b9cf-4b9a-88c2-f29dd27ac302",
       "value": "Urpage"
+    },
+    {
+      "description": "Operation Emmental, also known as the Retefe gang, is a threat actor group that has been active since at least 2012. They primarily target customers of banks in countries such as Austria, Sweden, Switzerland, and Japan. The group has developed sophisticated malware, including a Mac alternative called Dok, to bypass two-factor authentication and hijack network traffic. They have also been observed using phishing emails to spread their malware. The group is believed to be Russian-speaking and has continuously improved their malicious codes over the years.",
+      "meta": {
+        "country": "RU",
+        "refs": [
+          "http://blog.trendmicro.com/trendlabs-security-intelligence/osx_dok-mac-malware-emmental-hijacks-user-network-traffic/"
+        ],
+        "synonyms": [
+          "Retefe Gang",
+          "Retefe Group"
+        ]
+      },
+      "uuid": "a1527821-fe84-44ec-ad29-8d3040463bc9",
+      "value": "Operation Emmental"
     }
   ],
   "version": 299