diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d894645..6b43dc2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12274,6 +12274,19 @@
       },
       "uuid": "f3fd4397-19e4-47e0-b1bc-f792690e3bd0",
       "value": "SparklingGoblin"
+    },
+    {
+      "description": "The Kasablanka group is a cyber-criminal organization that has\nspecifically targeted Russia between September and December 2022,\nusing various payloads delivered through phishing emails containing\nsocially engineered lnk files, zip packages, and executables attached to\nvirtual disk image files.",
+      "meta": {
+        "country": "MA",
+        "refs": [
+          "https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/",
+          "https://www.welivesecurity.com/2021/09/07/bladehawk-android-espionage-kurdish/",
+          "https://blog.talosintelligence.com/get-a-loda-this/"
+        ]
+      },
+      "uuid": "6db3ad41-6b47-43c8-b94b-98853749ee02",
+      "value": "Kasablanka"
     }
   ],
   "version": 289