diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index cf1cfe3..6ee2d0c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16433,6 +16433,17 @@
       },
       "uuid": "a86e4a0d-95cf-4ce0-b26c-d1fbb7cc84bc",
       "value": "Stargazer Goblin"
+    },
+    {
+      "description": "UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a fraudulent website to steal authentication data. Security teams can use Sigma rules to detect their phishing campaigns and leverage IOCs provided by CERT-UA to hunt for their activity in SIEM or EDR environments.",
+      "meta": {
+        "refs": [
+          "https://socprime.com/blog/uac-0102-phishing-attack-detection-hackers-steal-authentication-data-impersonating-the-ukr-net-web-service/",
+          "https://cert.gov.ua/article/4928679"
+        ]
+      },
+      "uuid": "7dd2e8ee-4232-43f5-9866-006160f19aea",
+      "value": "UAC-0102"
     }
   ],
   "version": 312