diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d980ee7..f81a8a9 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -2597,7 +2597,7 @@
     {
       "description": "A Russian group that collects intelligence on the energy industry.",
       "meta": {
-        "attribution-confidence": "50",
+        "attribution-confidence": "75",
         "cfr-suspected-state-sponsor": "Russian Federation",
         "cfr-suspected-victims": [
           "United States",
@@ -2618,6 +2618,7 @@
         "cfr-type-of-incident": "Espionage",
         "country": "RU",
         "refs": [
+          "https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet",
           "http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
           "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf",
           "http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans",
@@ -2634,6 +2635,11 @@
           "https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector"
         ],
         "synonyms": [
+          "Beserk Bear",
+          "ALLANITE",
+          "CASTLE",
+          "DYMALLOY",
+          "TG-4192",
           "Dragonfly",
           "Crouching Yeti",
           "Group 24",
@@ -9100,5 +9106,5 @@
       "value": "Scarab"
     }
   ],
-  "version": 215
+  "version": 216
 }