diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index b73a719..b3a01fb 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16110,6 +16110,17 @@
       },
       "uuid": "75cc313a-6a95-4ab8-b7f8-bfd7e4a7fe00",
       "value": "Gitloker"
+    },
+    {
+      "description": "UNC5537 is a financially motivated threat actor targeting Snowflake customer databases. They use stolen credentials obtained from infostealer malware to access and exfiltrate large volumes of data. The compromised accounts lack multi-factor authentication, allowing UNC5537 to conduct data theft and extortion.",
+      "meta": {
+        "refs": [
+          "https://research.checkpoint.com/2024/17th-june-threat-intelligence-report/",
+          "https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion"
+        ]
+      },
+      "uuid": "b8c6da46-4c9a-4075-b9f3-3b5ef7bd3534",
+      "value": "UNC5537"
     }
   ],
   "version": 310