diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f15dfe63..70f379ba 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6620,7 +6620,17 @@
       },
       "uuid": "dc15f388-a353-4185-b28e-015745f708ba",
       "value": "SandCat"
+    },
+    {
+      "description": "Operation Comando is a pure cybercrime campaign, possibly with Brazilian origin, with a concrete and persistent focus on the hospitality sector, which proves how a threat actor can be successful in pursuing its objectives while maintaining a cheap budget. The use of DDNS services, publicly available remote access tools, and having a minimum knowledge on software development (in this case VB.NET) has been enough for running a campaign lasting month, and potentially gathering credit card information and other possible data. ",
+      "meta": {
+        "refs": [
+          "https://unit42.paloaltonetworks.com/operation-comando-or-how-to-run-a-cheap-and-effective-credit-card-business/"
+        ]
+      },
+      "uuid": "35c40ce2-57c0-479e-8a56-efbb8695e395",
+      "value": "Operation Comando"
     }
   ],
-  "version": 99
+  "version": 100
 }