diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index eb98b36..431db84 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -9130,7 +9130,7 @@
       "value": "BladeHawk"
     },
     {
-      "description": "",
+      "description": "The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source given by The Australian Government.",
       "meta": {
         "cfr-suspected-victims": [
           "Australia"
@@ -9248,7 +9248,16 @@
       },
       "uuid": "bfe66711-32dc-4c1f-b78b-9b2f9e4c1525",
       "value": "Red Menshen"
+    },
+    {
+      "description": "Cosmic Lynx is a Russia-based BEC cybercriminal organization that has significantly impacted the email threat landscape with sophisticated, high-dollar phishing attacks.",
+      "meta": {
+        "cfr-type-of-incident": "Business Email Compromise",
+        "refs": "https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf"
+      },
+      "uuid": "54ae5c75-8aab-41a8-971a-03d53db9b35c",
+      "value": "Cosmic Lynx"
     }
   ],
-  "version": 222
+  "version": 223
 }