diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index f897a008..5ab88da3 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17953,6 +17953,59 @@
 },
 "uuid": "d424f90d-fc2b-428a-bbe6-41e390308fb3",
 "value": "GamaCopy"
+ },
+ {
+ "description": "Sarcoma is a ransomware group that emerged in October 2024 and has been actively targeting various organizations. Sarcoma's attack methods include phishing campaigns, exploiting n-day vulnerabilities, and supply chain attacks. Once inside a network, they use RDP exploitation, lateral movement, and data exfiltration tactics. Sarcoma has claimed responsibility for attacks against Unimicron, a PCB manufacturer, Kelowna Springs Golf Club, Popular Life Insurance, CP Construplan, ADT Freight Services Australia, Micon National. These attacks have resulted in data exfiltration, with Sarcoma threatening to leak or having already leaked stolen data. Specifically, Sarcoma has exfiltrated 377 GB of SQL files and sensitive documents from Unimicron, 3.8 GB of data from Kelowna Springs, 36 GB of data from Popular Life Insurance, 2 GB of data from ADT Freight Services Australia, and 34 GB of data from Micon National. 
The group is known for its aggressive tactics against industrial organizations.",
+ "meta": {
+ "refs": [
+ "https://www.securityweek.com/circuit-board-maker-unimicron-targeted-in-ransomware-attack/",
+ "https://www.ransomware.live/group/sarcoma",
+ "https://cyberpress.org/sarcoma-ransomware/",
+ "https://australiancybersecuritymagazine.com.au/new-ransomware-group-sarcoma-targets-australian-companies/"
+ ],
+ "synonyms": [
+ "Sarcoma"
+ ],
+ "cfr-target-category": [
+ "Energy",
+ "Technology",
+ "Manufacturing",
+ "Services",
+ "Financial",
+ "Agriculture",
+ "Retail",
+ "Private sector",
+ "Hospitality",
+ "Transportation"
+ ],
+ "cfr-suspected-victims": [
+ "Italy",
+ "United States",
+ "Germany",
+ "Taiwan",
+ "Spain",
+ "Dominican Republic",
+ "Mexico",
+ "South Africa",
+ "Oman",
+ "Pakistan",
+ "Austria",
+ "Peru",
+ "Australia",
+ "United Arab Emirates",
+ "Canada",
+ "Malaysia",
+ "France",
+ "Bulgaria",
+ "New Zealand",
+ "Qatar",
+ "Kuwait",
+ "Philippines",
+ "United Kingdom"
+ ]
+ },
+ "uuid": "4d9abe9e-14b0-4021-bcf1-5bac0ef97f9f",
+ "value": "Sarcoma Ransomware Group"
 }
 ],
 "version": 322
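Review bot: The `description` added for `Sarcoma Ransomware Group` states the exfiltration volumes (`377 GB`, `3.8 GB`, `36 GB`, `2 GB`, `34 GB`) as established fact, although figures like these usually originate from the actor's own leak-site listings; wording such as `Sarcoma claims to have exfiltrated 377 GB ...` would keep analysts from treating them as confirmed. The same string appears to contain a raw line break before `The group is known`, which a strict JSON parser rejects if it is really in the file rather than an artifact of this page; it should be a single line or an escaped `\n`. The trailing context line `"version": 322` is unchanged, so consumers that use the cluster version to detect updates may not pick up the new entry unless the version is bumped in a separate change.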