diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6c5cf7d..88bff0b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12896,6 +12896,16 @@
       },
       "uuid": "46a67fdf-5376-4d01-8092-6549a20030af",
       "value": "Caracal Kitten"
+    },
+    {
+      "description": "Trend Micro discovered a threat actor they named Water Labbu that was targeting cryptocurrency scam websites. Typically, cryptocurrency scammers use social engineering techniques,  interacting with victims to gain their trust and then manipulating them into providing the permissions needed to transfer cryptocurrency assets. While Water Labbu managed to steal cryptocurrencies via a similar method by obtaining access permissions and token allowances from their victim’s wallets, unlike other similar campaigns, they did not use any kind of social engineering — at least not directly. Instead, Water Labbu lets other scammers use their social engineering tricks to scam unsuspecting victims.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/22/j/water-labbu-abuses-malicious-dapps-to-steal-cryptocurrency.html"
+        ]
+      },
+      "uuid": "7f24740c-9370-4968-a92e-667ef2591abe",
+      "value": "Water Labbu"
     }
   ],
   "version": 293