diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 6dfbcc5..578df6a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14586,6 +14586,19 @@
       },
       "uuid": "375988ab-91b9-419e-8646-a4783b931288",
       "value": "Storm-1286"
+    },
+    {
+      "description": "DEV-1101 is a threat actor tracked by Microsoft who is responsible for developing and advertising phishing kits, specifically AiTM phishing kits. These kits are capable of bypassing multifactor authentication and are available for purchase or rent by other cybercriminals. DEV-1101 offers an open-source kit with various enhancements, such as mobile device management and CAPTCHA evasion. Their tool has been used in high-volume phishing campaigns by multiple actors, including DEV-0928, and is sold for $300 with VIP licenses available for $1,000.",
+      "meta": {
+        "refs": [
+          "http://www.microsoft.com/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/"
+        ],
+        "synonyms": [
+          "DEV-1101"
+        ]
+      },
+      "uuid": "8081af2c-442f-4487-9cf7-022cbe010b8f",
+      "value": "Storm-1101"
     }
   ],
   "version": 298