diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 50be072..6120a0f 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9061,15 +9061,18 @@
     {
       "description": "GALLIUM, is a threat actor believed to be targeting telecommunication providers over the world, mostly South-East Asia, Europe and Africa. To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.",
       "meta": {
+        "country": "CN",
         "refs": [
           "https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/",
           "https://www.youtube.com/watch?v=fBFm2fiEPTg",
           "https://troopers.de/troopers22/talks/7cv8pz/",
-          "https://unit42.paloaltonetworks.com/atoms/alloytaurus/"
+          "https://unit42.paloaltonetworks.com/atoms/alloytaurus/",
+          "https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/"
         ],
         "synonyms": [
           "Red Dev 4",
-          "Alloy Taurus"
+          "Alloy Taurus",
+          "Granite Typhoon"
         ]
       },
       "related": [