diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index aef7928..eab8e9e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12811,6 +12811,18 @@
       },
       "uuid": "be4ea668-6a74-44d9-946e-e98e64a8855b",
       "value": "Dalbit"
+    },
+    {
+      "description": "SingularityMD is a threat actor group that has targeted educational institutions in the US. They gained unauthorized access to their networks by exploiting weak security practices, such as using students' dates of birth as passwords. SingularityMD demanded a ransom in cryptocurrency and threatened to leak stolen information if not paid. They have demonstrated a willingness to follow through on their threats and have already leaked some data.",
+      "meta": {
+        "refs": [
+          "https://www.databreaches.net/jeffco-public-schools-hit-by-the-same-threat-actors-that-hit-clark-county-school-district-and-via-the-same-way/",
+          "https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/",
+          "https://www.databreaches.net/hackers-escalate-leak-200k-ccsd-students-data-claim-to-still-have-access-to-ccsd-email-system/"
+        ]
+      },
+      "uuid": "d52a06dd-3ee9-47cf-ad31-b55ca4cbc5cf",
+      "value": "SingularityMD"
     }
   ],
   "version": 293