diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index a2e493d5..79ba1d44 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16491,6 +16491,16 @@
 },
 "uuid": "0b71d2db-93fe-49b5-a9fd-7f8c94b86637",
 "value": "SAMBASPIDER"
+ },
+ {
+ "description": "UNC4393 is a financially motivated threat actor primarily using BASTA ransomware. They have been active since early 2022 and have targeted over 40 organizations across various industries. UNC4393 has shown a willingness to cooperate with other threat clusters for initial access and has evolved from using existing tools to developing custom malware. They focus on efficient data exfiltration and multi-faceted extortion, often utilizing tools like COGSCAN and RCLONE for reconnaissance and data theft.",
+ "meta": {
+ "refs": [
+ "https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight"
+ ]
+ },
+ "uuid": "8191e28a-fb2d-4d50-b992-b877807a2f37",
+ "value": "UNC4393"
 }
 ],
 "version": 312
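Review bot: The trailing context line `"version": 312` is unchanged, so the cluster file's version is not bumped together with the new UNC4393 entry. If the consuming platform decides whether to re-import a galaxy by comparing this number (worth confirming for the importer in use), instances already at 312 would not pick up the new cluster until a later change bumps it. I would change that line to `"version": 313` in the same commit, unless the bump is applied separately at merge time. Separately, the tie to BASTA ransomware lives only in the free-text description; a `related` entry on the cluster (or `synonyms` under `meta`, if the referenced report gives aliases) would let analysts pivot from the actor to the ransomware cluster. The target UUID for such a link is not visible in this hunk, so it needs to be looked up rather than guessed.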