diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1df6521..9e230a8 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -10270,6 +10270,22 @@
 ],
 "uuid": "9687a6a9-0a66-4373-b546-60553857a442",
 "value": "TA2536"
+ },
+ {
+ "description": "DEV-0147 is a China-based cyber espionage actor was observed compromising diplomatic targets in South America, a notable expansion of the group's data exfiltration operations that traditionally targeted gov't agencies and think tanks in Asia and Europe. DEV-0147 is known to use tools like ShadowPad, a remote access trojan associated with other China-based actors, to maintain persistent access, and QuasarLoader, a webpack loader, to deploy additional malware. DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement, and the use of Cobalt Strike for command and control and data exfiltration.",
+ "meta": {
+ "cfr-suspected-victims": [
+ "South America",
+ "Asia",
+ "European Union"
+ ],
+ "country": "CN",
+ "references": [
+ "https://twitter.com/MsftSecIntel/status/1625181255754039318"
+ ]
+ },
+ "uuid": "85f20141-1c8e-49ac-b963-eaa1fb1f4018",
+ "value": "DEV-0147"
 }
 ],
 "version": 260
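Review bot: The added `description` string is missing a relative pronoun ("cyber espionage actor was observed compromising"), and because this text is rendered verbatim by MISP galaxy consumers it should read `"DEV-0147 is a China-based cyber espionage actor that was observed compromising diplomatic targets in South America, …"` (spelling out "gov't" as "government" would also help). The `cfr-suspected-victims` array is inconsistent with that same description: it lists "European Union", a political bloc, where the description says "Europe", and mixes it with continent names; "Europe" would match the prose, but confirm against the values other entries in this cluster use so the field stays searchable. The only reference is a tweet URL, which is a fragile citation for an attribution entry; if a durable Microsoft write-up exists or appears, add it alongside, and since Microsoft's DEV-#### labels are provisional names that are usually replaced once the actor is formally designated, expect to add a `synonyms` list under `meta` later. The top-level object's closing brace lies outside the hunk.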