diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1849d48..fadfacb 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16045,6 +16045,17 @@
 },
 "uuid": "ee13ddb3-e8c0-4568-b56c-82d82c30f48b",
 "value": "StucxTeam"
+ },
+ {
+ "description": "FlyingYeti is a Russia-aligned threat actor targeting Ukrainian military entities. They conduct reconnaissance activities and launch phishing campaigns using malware like COOKBOX. FlyingYeti exploits the WinRAR vulnerability CVE-2023-38831 to infect targets with malicious payloads. Cloudforce One has successfully disrupted their operations and provided recommendations for defense against their phishing campaigns.",
+ "meta": {
+ "country": "RU",
+ "refs": [
+ "https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine"
+ ]
+ },
+ "uuid": "1dcbad05-c5b7-4ec3-8920-45f396554f7a",
+ "value": "FlyingYeti"
 }
 ],
 "version": 310
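Review bot: The trailing context line `"version": 310` is unchanged, so the cluster version is not bumped alongside the new FlyingYeti entry. If consumers decide whether to re-import the cluster from that number (worth confirming), instances already at 310 may never pick up the new actor, so the same commit should carry `"version": 311`. Separately, `"country": "RU"` rests on a single vendor reference and the description only says "Russia-aligned"; an `"attribution-confidence"` value in `meta` would let analysts weigh that attribution. The last sentence of the description reports the vendor's disruption effort rather than the actor's behaviour and could be dropped, and any aliases given in the referenced report belong in a `"synonyms"` list so the entry correlates with other trackers' names.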