APT / THREAT GROUP

Cadelle

🇮🇷Iran-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Symantec telemetry identified Cadelle and Chafer activity dating from as far back as July 2014, however, it’s likely that activity began well before this date. Command-and-control (C&C) registrant information points to activity possibly as early as 2011, while executable compilation times suggest early 2012. Their attacks continue to the present day. Symantec estimates that each team is made up of between 5 and 10 people.

Threat Analysis

Cadelle is a known-sophistication threat actor attributed to Iran, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

Cadelle — Active Operations March 2026

Cadelle is a unknown-motivation threat actor attributed to Iran. Symantec telemetry identified Cadelle and Chafer activity dating from as far back as July 2014, however, it’s likely that activity began well before this date. Command-and-control (C&C) registrant information points to activity possibly as early as 2011, while executable compilat...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇮🇷 Iran
Aliases1
SourceMalpedia

Also Known As

Cadelle

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Cadelle — APT / Threat Group | Threat Intelligence | CTIWATCH.COM