diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 583bb37..59565d4 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -10735,11 +10735,17 @@
           "https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself",
           "https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation",
           "https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility",
-          "https://twitter.com/cglyer/status/1480734487000453121"
+          "https://twitter.com/cglyer/status/1480734487000453121",
+          "https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group",
+          "https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/",
+          "https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/",
+          "https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader"
         ],
         "synonyms": [
           "SLIME34",
-          "DEV-0401"
+          "DEV-0401",
+          "Cinnamon Tempest",
+          "Emperor Dragonfly"
         ]
       },
       "related": [