diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1995ba1..4e0a9f2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12194,6 +12194,17 @@
       },
       "uuid": "4f1c43a4-3788-4035-a99c-e510f89edd0f",
       "value": "Redfly"
+    },
+    {
+      "description": "TetrisPhantom relies on compromising of certain type of secure USB drives that provide hardware encryption and is commonly used by government organizations. While investigating this threat, experts identified an entire spying campaign that uses a range of malicious modules to execute commands, collect files and information from compromised computers and transfer them to other machines also using secure USB drives.",
+      "meta": {
+        "refs": [
+          "https://usa.kaspersky.com/blog/sas-2023-research/29254/",
+          "https://securelist.com/apt-trends-report-q3-2023/110752/"
+        ]
+      },
+      "uuid": "5368c0a2-eb79-420c-b808-85ae719efccd",
+      "value": "TetrisPhantom"
     }
   ],
   "version": 288