diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 33c047a..e2bf2a7 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -8432,11 +8432,14 @@
           "https://news.sophos.com/en-us/2020/12/21/how-sunburst-malware-does-defense-evasion/",
           "https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/",
           "https://pastebin.com/6EDgCKxd",
-          "https://github.com/fireeye/sunburst_countermeasures"
+          "https://github.com/fireeye/sunburst_countermeasures",
+          "https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware",
+          "https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html"
         ],
         "synonyms": [
           "DarkHalo",
-          "StellarParticle"
+          "StellarParticle",
+          "NOBELIUM"
         ]
       },
       "uuid": "2ee5ed7a-c4d0-40be-a837-20817474a15b",