diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1f93174..862d9b2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -14837,6 +14837,16 @@
       },
       "uuid": "0df34184-4ccf-4357-8e8e-e990058d2992",
       "value": "Fishing Elephant"
+    },
+    {
+      "description": "RevengeHotels is a targeted cybercrime campaign that has been active since 2015, primarily targeting hotels, hostels, and tourism companies. The threat actor uses remote access Trojan malware to infiltrate hotel front desks and steal credit card data from guests and travelers. The campaign has impacted hotels in multiple countries, including Brazil, Argentina, Chile, and Mexico. The threat actor employs social engineering techniques and sells credentials from infected systems to other cybercriminals for remote access.",
+      "meta": {
+        "refs": [
+          "https://securelist.com/revengehotels/95229/"
+        ]
+      },
+      "uuid": "083acee6-6969-4c74-80c2-5d442936aa97",
+      "value": "RevengeHotels"
     }
   ],
   "version": 299