diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 7b3a8ad..5cf4aa7 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15620,6 +15620,17 @@
 },
 "uuid": "2742b229-02f4-40d0-9b99-91844a2b030e",
 "value": "RUBYCARP"
+ },
+ {
+ "description": "Earth Hundun is a cyberespionage threat actor targeting technology and government sectors in the Asia-Pacific region. They are known for using the Waterbear and Deuterbear malware, which have advanced evasion tactics and anti-analysis mechanisms. The group has been active since at least 2009 and continuously refines their malware to bypass antivirus software. Earth Hundun's attacks involve phishing emails, malware droppers, and backdoors to infiltrate organizations and gather intelligence.",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.com/en_us/research/24/d/earth-hundun-waterbear-deuterbear.html",
+ "https://blogs.jpcert.or.jp/en/2022/03/jsac2022report1.html"
+ ]
+ },
+ "uuid": "edd85e27-9d05-4bc7-9b2b-5422e909336a",
+ "value": "Earth Hundun"
 }
 ],
 "version": 305
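Review bot: The new `Earth Hundun` object has only `refs` under `meta`, with no `synonyms`, and the name appears to be Trend Micro's label for the group other vendors track as BlackTech. If the cluster already holds an entry for that group (not visible in this hunk), a second UUID for the same actor would split tagging and correlation across two clusters, so it is worth checking whether this name belongs in the existing entry's `synonyms` list; otherwise add a `synonyms` array to this `meta` so analysts can pivot between vendor names. Separately, `"version": 305` is unchanged context at the end of the hunk, so consumers that re-import on a version change may not pick up the addition unless it is bumped elsewhere.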