diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 60758f0..fc03a06 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12845,6 +12845,19 @@
       },
       "uuid": "46de4091-379f-478c-bb6d-5833e2047f15",
       "value": "DiceyF"
+    },
+    {
+      "description": "Lace Tempest, also known as DEV-0950, is a threat actor that exploited vulnerabilities in software such as SysAid and PaperCut to gain unauthorized access to systems. Lace Tempest is known for deploying the Clop ransomware and exfiltrating data from compromised networks.",
+      "meta": {
+        "refs": [
+          "http://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/"
+        ],
+        "synonyms": [
+          "Lace Tempest"
+        ]
+      },
+      "uuid": "4581f930-348e-4054-a71c-863871de66ee",
+      "value": "DEV-0950"
     }
   ],
   "version": 293