diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d95aae4..674a47e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14649,6 +14649,19 @@
       },
       "uuid": "760b350c-522e-432d-80c5-7aab0eaf8873",
       "value": "Storm-0539"
+    },
+    {
+      "description": "Storm-1152, a cybercriminal group, was recently taken down by Microsoft for illegally reselling Outlook accounts. They operated by creating approximately 750 million fraudulent Microsoft accounts and earned millions of dollars in illicit revenue. Storm-1152 also offered CAPTCHA-solving services and was connected to ransomware and extortion groups. Microsoft obtained a court order to seize their infrastructure and domains, disrupting their operations.",
+      "meta": {
+        "country": "VN",
+        "refs": [
+          "https://securityboulevard.com/2023/12/microsoft-storm-1152-crackdown-stopping-threat-actors/",
+          "https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/",
+          "https://www.rewterz.com/rewterz-news/rewterz-threat-update-microsoft-warns-of-emerging-threat-by-storm-0539-behind-gift-card-frauds/"
+        ]
+      },
+      "uuid": "e18dca82-0524-4338-9a66-e13e67c81ac4",
+      "value": "Storm-1152"
     }
   ],
   "version": 298