diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 10a40b1..c351b8a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12345,6 +12345,18 @@
       },
       "uuid": "f939b51d-32f9-41d9-8549-f00b2db104c7",
       "value": "RansomVC"
+    },
+    {
+      "description": "Symantec recently reported on activity attributed to a threat actor group dubbed Carderbee. In the campaign, the threat actors target entities in Hong Kong and other regions of Asia via a supply chain attack leveraging the legitimate Cobra DocGuard software. The activity began as early as September 2022.",
+      "meta": {
+        "refs": [
+          "https://blog.eclecticiq.com/chinese-state-sponsored-cyber-espionage-activity-targeting-semiconductor-industry-in-east-asia",
+          "https://blog.polyswarm.io/carderbee-targets-hong-kong-in-supply-chain-attack",
+          "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/carderbee-software-supply-chain-certificate-abuse"
+        ]
+      },
+      "uuid": "ce793b99-0cf2-4148-831c-ea5f6a9e0a76",
+      "value": "Carderbee"
     }
   ],
   "version": 289