diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 795b531..03c51de 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15571,6 +15571,17 @@
       },
       "uuid": "07232925-bd1b-49a9-adca-46536ff6fdd8",
       "value": "Bignosa"
+    },
+    {
+      "description": "The Smishing Triad is a Chinese-speaking threat group known for targeting postal services and their customers globally through smishing campaigns. They leverage compromised Apple iMessage accounts to send fraudulent messages warning of undeliverable packages, aiming to collect personally identifying information and payment credentials. The group offers smishing kits for sale on platforms like Telegram, enabling other cybercriminals to launch independent attacks. \"Smishing Triad\" has expanded its operations to target UAE citizens, using geo-filtering to focus on victims in the Emirates.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.resecurity.com/blog/article/Smishing-Triad-Impersonates-Emirates-Post-Target-UAE-Citizens"
+        ]
+      },
+      "uuid": "85db04b5-1ec2-4e25-908a-f53576bd175a",
+      "value": "Smishing Triad"
     }
   ],
   "version": 305