diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f43813c..8942b0a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17514,6 +17514,16 @@
       },
       "uuid": "48e2e297-55bd-4a6f-9c72-bc10ed06afa1",
       "value": "Massgrave"
+    },
+    {
+      "description": "Funksec is a newly identified extortion group that has claimed 11 victims across various sectors, including media, IT, and education, operating a Tor-based DLS to centralize its ransomware activities. The group advertises a free DDoS tool and may develop its own ransomware binary, indicating significant technical capability. The DLS was likely created in late November to early December 2024, with the first advertisement titled “Funksec Ransomware” posted on 3 December 2024. Currently, there is limited publicly available information on Funksec's TTPs, and it is not known to be associated with any other threat groups.",
+      "meta": {
+        "refs": [
+          "https://www.cyjax.com/resources/blog/take-me-down-to-funksec-town-funksec-ransomware-dls-emergence/"
+        ]
+      },
+      "uuid": "052519d2-1a4f-49d1-abe6-baffce51fedb",
+      "value": "FunkSec"
     }
   ],
   "version": 321