diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index afc5ec0..87d7abc 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13125,6 +13125,19 @@
       },
       "uuid": "e284c356-4b77-4f86-a8f2-7793cbe8662b",
       "value": "AppMilad"
+    },
+    {
+      "description": "UNC4841 is a well-resourced threat actor that has utilized a wide range of malware and purpose-built tooling to enable their global espionage operations. They have been observed selectively deploying specific malware families at high priority targets, with SKIPJACK being the most widely deployed. UNC4841 primarily targeted government and technology organizations, but they have also been observed targeting other verticals.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://blog.polyswarm.io/unc4841-targeting-government-entities-with-barracuda-esg-0day-cve-2023-2868",
+          "https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation",
+          "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
+        ]
+      },
+      "uuid": "8959fbb4-95f0-485d-bba2-db9140b95386",
+      "value": "UNC4841"
     }
   ],
   "version": 294