diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ca2f74f..836beb2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14991,6 +14991,17 @@
       },
       "uuid": "1697dace-fe21-452c-acee-bef62fc5e386",
       "value": "TA2725"
+    },
+    {
+      "description": "Recent campaigns suggest Hamas-linked actors may be advancing their\nTTPs to include intricate social engineering lures specially crafted to\nappeal to a niche group of high value targets. In September 2023, a Palestine-based group likely linked to Hamas targeted Israeli software engineers\nusing an elaborate social engineering ruse that ultimately installed malware\nand stole cookies. The attackers, which Google’s Threat Analysis Group (TAG) tracks as BLACKATOM, posed as employees of legitimate companies\nand reached out via LinkedIn to invite targets to apply for software development freelance opportunities. Targets included software engineers in\nthe Israeli military, as well as Israel’s aerospace and defense industry",
+      "meta": {
+        "country": "PS",
+        "refs": [
+          "https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf"
+        ]
+      },
+      "uuid": "264687b8-82f4-43b5-b7bb-dc3e0b9246bc",
+      "value": "Blackatom"
     }
   ],
   "version": 300