diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b088671..0c5f2f2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13181,6 +13181,19 @@
       },
       "uuid": "000a2535-8fbf-459d-a067-d10528496a92",
       "value": "WeedSec"
+    },
+    {
+      "description": "TA444 is a North Korea state-sponsored threat actor that primarily focuses on financially motivated operations. They have been active since at least 2017 and have recently shifted their attention to targeting cryptocurrencies. TA444 employs various infection methods and has a diverse range of malware and backdoors at their disposal. They have been attributed to stealing hundreds of millions of dollars' worth of cryptocurrency and related assets.",
+      "meta": {
+        "country": "KP",
+        "refs": [
+          "https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds",
+          "https://cyberscoop.com/north-korean-cryptocurrency-hackers-education-government/",
+          "https://www.darkreading.com/remote-workforce/north-korea-apt-swindled-1b-crypto-investors-2022"
+        ]
+      },
+      "uuid": "5a38db83-16b3-477f-a045-66a922868eea",
+      "value": "TA444"
     }
   ],
   "version": 294