diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bcd9653..c603f47 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13149,6 +13149,16 @@
       },
       "uuid": "5d0aee14-f18a-44da-a44d-28d950f06b9c",
       "value": "CL-STA-0043"
+    },
+    {
+      "description": "DEV-0928 is a threat actor that has been tracked by Microsoft since September 2022. They are known for their involvement in high-volume phishing campaigns, using tools offered by DEV-1101. DEV-0928 sends phishing emails to targets and has been observed launching campaigns involving millions of emails. They also utilize evasion techniques, such as redirection to benign pages, to avoid detection.",
+      "meta": {
+        "refs": [
+          "http://www.microsoft.com/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/"
+        ]
+      },
+      "uuid": "8345dd24-7884-48e3-b231-4791d31afe3d",
+      "value": "DEV-0928"
     }
   ],
   "version": 294