diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 75993f42..cf458089 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -7761,7 +7761,20 @@
       },
       "uuid": "8dda51ef-9a30-48f7-b0fd-5b6f0a62262d",
       "value": "Operation Soft Cell"
+    },
+    {
+      "value": "Operation WizardOpium",
+      "uuid": "75db4269-924b-4771-8f62-0de600a43634",
+      "description": "We are calling these attacks Operation WizardOpium. So far, we have been unable to establish a definitive link with any known threat actors. There are certain very weak code similarities with Lazarus attacks, although these could very well be a false flag. The profile of the targeted website is more in line with earlier DarkHotel attacks that have recently deployed similar false flag attacks.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/"
+        ],
+        "threat-actor-classification": [
+          "campaign"
+        ]
+      }
     }
   ],
-  "version": 137
+  "version": 138
 }