diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 2b6a3fb..c3687d7 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -4455,12 +4455,19 @@
     {
       "description": "The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.",
       "meta": {
+        "country": "RU",
         "refs": [
           "https://www.f-secure.com/documents/996508/1030745/callisto-group",
-          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag"
+          "https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe",
+          "https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe",
+          "https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag",
+          "https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations",
+          "https://blog.sekoia.io/calisto-continues-its-credential-harvesting-campaign"
         ],
         "synonyms": [
-          "COLDRIVER"
+          "COLDRIVER",
+          "SEABORGIUM",
+          "TA446"
         ]
       },
       "uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",