diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f7f9fc7..dda0abb 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12929,6 +12929,18 @@
       },
       "uuid": "610a7301-5963-4653-8aa2-eeb8573dfad9",
       "value": "TA482"
+    },
+    {
+      "description": "XakNet is a self-proclaimed hacktivist group that has targeted Ukraine. They claim to be comprised of Russian patriotic volunteers and have conducted various threat activities, including DDoS attacks, compromises, data leaks, and website defacements. They coordinate their operations with other hacktivist groups and have connections to APT28, a cyber espionage group sponsored by the GRU.",
+      "meta": {
+        "country": "RU",
+        "refs": [
+          "https://www.mandiant.com/resources/blog/gru-rise-telegram-minions",
+          "https://www.mandiant.com/resources/blog/gru-disruptive-playbook"
+        ]
+      },
+      "uuid": "566752f5-a294-4430-b47e-8e705f9887ea",
+      "value": "XakNet"
     }
   ],
   "version": 293