diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 804d33e..09779d6 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -11646,7 +11646,32 @@
       },
       "uuid": "01ac8b25-492e-444b-891b-968f2694e7b2",
       "value": "MoustachedBouncer"
+    },
+    {
+      "description": "The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment.",
+      "meta": {
+        "references": [
+          "https://www.microsoft.com/en-us/security/blog/2023/09/12/malware-distributor-storm-0324-facilitates-ransomware-access/",
+          "https://www.proofpoint.com/us/blog/threat-insight/jssloader-recoded-and-reloaded"
+        ],
+        "synonyms": [
+          "DEV-0324",
+          "Sagrid",
+          "TA543"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "5db89188-568d-40d2-9320-5fb4a06fbd51",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "uses"
+        }
+      ],
+      "uuid": "8cb6f57b-9ebb-45a6-a89f-9efdb8065d70",
+      "value": "Storm-0324"
     }
   ],
-  "version": 281
+  "version": 282
 }