diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 0dc7848..60a03b0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17573,6 +17573,17 @@
       },
       "uuid": "cbdf8d63-c114-47d5-8f32-f87f365c7c43",
       "value": "UNC2465"
+    },
+    {
+      "description": "LIMINAL PANDA is a China-nexus APT that targets telecommunications entities, employing custom malware and publicly available tools for covert access, C2, and data exfiltration. The adversary demonstrates extensive knowledge of telecom networks, utilizing GSM protocols to retrieve mobile subscriber information and call metadata. LIMINAL PANDA exploits trust relationships and security gaps between providers to access core infrastructure, indicating a focus on SIGINT collection rather than financial gain. Their intrusion activity has primarily affected telecom providers in southern Asia and Africa, with potential for broader targeting based on network configurations.",
+      "meta": {
+        "country": "CN",
+        "refs": [
+          "https://www.crowdstrike.com/en-us/blog/liminal-panda-telecom-sector-threats/"
+        ]
+      },
+      "uuid": "e7a64fd7-5d30-47ec-b9f6-8c555e5f319f",
+      "value": "Liminal Panda"
     }
   ],
   "version": 321