diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d3bbbf8..252012e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12671,6 +12671,23 @@
       },
       "uuid": "def3c4e4-9d59-478f-8895-d3850cfa99c3",
       "value": "UAC-0094"
+    },
+    {
+      "description": "TraderTraitor targets blockchain companies through spear-phishing messages. The group sends these messages to employees, particularly those in system administration or software development roles, on various communication platforms, intended to gain access to these start-up and high-tech companies. TraderTraitor may be the work of operators previously responsible for APT38 activity.",
+      "meta": {
+        "aliases": [
+          "Jade Sleet",
+          "UNC4899"
+        ],
+        "country": "KP",
+        "refs": [
+          "https://www.mandiant.com/resources/blog/north-korea-supply-chain",
+          "https://us-cert.cisa.gov/ncas/alerts/aa22-108a",
+          "https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023"
+        ]
+      },
+      "uuid": "825abfd9-7238-4438-a9e7-c08791f4df4e",
+      "value": "TraderTraitor"
     }
   ],
   "version": 292