diff --git a/clusters/threat-actors.json b/clusters/threat-actors.json
index 1d56cf4..cd0dc2d 100644
--- a/clusters/threat-actors.json
+++ b/clusters/threat-actors.json
@@ -593,7 +593,8 @@
         "TsarTeam",
         "TG-4127",
         "Group-4127",
-        "STRONTIUM"
+        "STRONTIUM",
+        "Grey-Cloud"
       ]
     },
     {
@@ -918,6 +919,17 @@
        "value": "Volatile Cedar",
        "description": "Beginning in late 2012, a carefully orchestrated attack campaign we call Volatile Cedar has been targeting individuals, companies and institutions worldwide. This campaign, led by a persistent attacker group, has successfully penetrated a large number of targets using various attack techniques, and specifically, a custom-made malware implant codenamed Explosive .",
        "refs": ["https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf"]
+     },
+     {
+       "value": "Callisto",
+       "description": "Threat Group conducting cyber espionage while re-using tools from other teams; like those of Hacking Team, and vmprotect to obfuscate.",
+       "synonyms": [
+        "Grey-Pro",
+        "Coldriver",
+        "Reuse team",
+        "Malware reusers",
+        "Callisto Group"
+      ]
      }
   ]
 }