diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6f2d28c..217c6c1 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2352,6 +2352,13 @@
             "estimative-language:likelihood-probability=\"likely\""
           ],
           "type": "similar"
+        },
+        {
+          "dest-uuid": "d52ca4c4-d214-11e8-8d29-c3e7cb78acce",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
         }
       ],
       "uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35",
@@ -5947,7 +5954,27 @@
       },
       "uuid": "b27beb94-ce25-11e8-8e11-2f1a59bd0e91",
       "value": "Roaming Mantis"
+    },
+    {
+      "description": "ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks",
+      "meta": {
+        "refs": [
+          "https://www.eset.com/int/greyenergy-exposed/",
+          "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "f512de42-f76b-40d2-9923-59e7dbdfec35",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        }
+      ],
+      "uuid": "d52ca4c4-d214-11e8-8d29-c3e7cb78acce",
+      "value": "GreyEnergy"
     }
   ],
-  "version": 72
+  "version": 73
 }