diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b788c2c..4280c88 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1931,7 +1931,8 @@
           "https://threatconnect.com/blog/research-roundup-activity-on-previously-identified-apt33-domains/",
           "https://www.cfr.org/interactive/cyber-operations/apt-33",
           "https://dragos.com/media/2017-Review-Industrial-Control-System-Threats.pdf",
-          "https://dragos.com/adversaries.html"
+          "https://dragos.com/adversaries.html",
+          "https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/"
         ],
         "synonyms": [
           "APT 33",
@@ -1941,7 +1942,8 @@
           "HOLMIUM",
           "COBALT TRINITY",
           "G0064",
-          "ATK35"
+          "ATK35",
+          "Peach Sandstorm"
         ],
         "victimology": "Petrochemical, Aerospace, Saudi Arabia"
       },