diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index acf1649..950039c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8496,7 +8496,11 @@
           "https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers",
           "https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Execution/exchange-iis-worker-dropping-webshell.md",
           "https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server",
-          "https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite"
+          "https://www.nextron-systems.com/2021/03/06/scan-for-hafnium-exploitation-evidence-with-thor-lite",
+          "https://www.thedailybeast.com/how-chinas-devastating-microsoft-hack-puts-us-all-at-risk"
+        ],
+        "synonyms": [
+          "TURBINE PANDA"
         ]
       },
       "uuid": "4f05d6c1-3fc1-4567-91cd-dd4637cc38b5",