diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2ddefc6..3e923fe 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13671,6 +13671,17 @@
       },
       "uuid": "47739f40-c80c-435a-bedc-0d2b38e87ddc",
       "value": "AeroBlade"
+    },
+    {
+      "description": "WIP19 is a Chinese-speaking threat group involved in espionage targeting the Middle East and Asia. They utilize a stolen certificate to sign their malware, including SQLMaggie, ScreenCap, and a credential dumper. The group has been observed targeting telecommunications and IT service providers, using toolsets authored by WinEggDrop. WIP19's activities suggest they are after specific information and are part of the broader Chinese espionage landscape.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/"
+        ]
+      },
+      "uuid": "21bb2dab-4125-4ae8-8966-c7381659e180",
+      "value": "WIP19"
     }
   ],
   "version": 295