diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index af9f5ca3..2b61f965 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -807,7 +807,6 @@
           "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf",
           "https://usa.kaspersky.com/resource-center/threats/naikon-targeted-attacks",
           "https://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/",
-          "https://securelist.com/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/69567/",
           "https://threatconnect.com/blog/tag/naikon/",
           "https://attack.mitre.org/groups/G0019/",
           "https://www.secureworks.com/research/threat-profiles/bronze-geneva",
@@ -1138,8 +1137,8 @@
         "cfr-type-of-incident": "Espionage",
         "country": "CN",
         "refs": [
-          "https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/",
-          "https://www.cfr.org/interactive/cyber-operations/hellsing"
+          "https://www.cfr.org/interactive/cyber-operations/hellsing",
+          "https://securelist.com/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/69567/"
         ]
       },
       "uuid": "af482dde-9e47-48d5-9cb2-cf8f6d6303d3",