Iranian hackers have broken into the systems of airlines, hospitals, universities, defence contractors, energy companies, telecommunications firms and government agencies around the world over the last two years, stealing confidential security documents in the process.
Researchers at cybersecurity firm Cylance revealed other types of compromised information included employee details - such as schedules and ID card data - plus PDFs of airport security systems and measures.
Systems in as many as 50 companies in 16 countries were infiltrated in the attacks, and it's fear they could have compromised national security in countries including Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates and the United States.
"Ten of these victims are headquartered in the US and include a major airline, a medical university, an energy company specialising in natural gas production, an automobile manufacturer, a large defense contractor, and a major military installation," Cylance said in its report, entitled Operation Cleaver.
"We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world's physical safety."
It's thought the hackers were part of a Tehran-based group that performed a cyber attack on the US Navy's network last year, but Iranian officials denied the country was responsible for the hacks.
Hamid Babaei, head of the press office in the Mission of the Islamic Republic of Iran to the United Nations told Reuters: "This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks."
Cylance didn't reveal how the attackers managed to hack into systems, but it's thought they used malware to get access to employee records and then used these identities to siphon off other confidential documents.
