diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c78bdfc..bd39186 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6050,6 +6050,16 @@
 },
 "uuid": "db7fd7dd-28f7-4e8d-a807-8405e4b0f4e2",
 "value": "DarkVishnya"
+ },
+ {
+ "description": "What’s noteworthy is that according to the introduction on the compromised website of the polyclinic (http://www.p2f.ru), the institution was established in 1965 and it was founded by the Presidential Administration of Russia. The multidisciplinary outpatient institution mainly serves the civil servants of the highest executive, legislative, judicial authorities of the Russian Federation, as well as famous figures of science and art.\nSince it is the first detection of this APT attack by 360 Security on a global scale, we code-named it as “Operation Poison Needles”, considering that the target was a medical institution. Currently, the attribution of the attacker is still under investigation. However, the special background of the polyclinic and the sensitiveness of the group it served both indicate the attack is highly targeted. Simultaneously, the attack occurred at a very sensitive timing of the Kerch Strait Incident, so it also aroused the assumption on the political attribution of the attack.",
+ "meta": {
+ "refs": [
+ "http://blogs.360.cn/post/PoisonNeedles_CVE-2018-15982_EN"
+ ]
+ },
+ "uuid": "08ff3cb6-c292-4360-a978-6f05775881ed",
+ "value": "Operation Poison Needles"
 }
 ],
 "version": 82
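Review bot: The new `description` starts mid-argument ("What’s noteworthy is that…") and describes the victim rather than the activity, so a reader of this threat-actor entry cannot tell what Operation Poison Needles is without opening the reference. The text itself says attribution is still under investigation, so the entry names a campaign rather than an identified actor. I would open the description with one sentence saying so, e.g. `"description": "Operation Poison Needles is 360 Security's name for a targeted attack on a Russian polyclinic; the actor behind it has not been attributed. …"`, and keep the quoted text after it. The victim's site also appears as a live URL (`http://www.p2f.ru`) in the free text, where tooling that extracts indicators from descriptions could pick it up as an attacker indicator, so it is safer to drop or defang it. `"version": 82` is an unchanged context line in this hunk; if consumers use the version to detect updates, it should be bumped along with the new entry.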