It was unclear whether the FBI explicitly ordered the digital attacks, but court documents and interviews suggest "that the government may have used hackers to gather intelligence overseas," the Times wrote.
The figure at the centre of the case is Hector Xavier Monsegur, who had become a prominent hacker with the activist group Anonymous, which has staged cyber assaults on MasterCard, PayPal and other commercial and government targets.
Monsegur instructed a fellow hacker, Jeremy Hammond, to extract data from a long list of foreign government websites. And then that information which included bank records and login details was uploaded to a server "monitored" by the FBI, the Times reported, citing court papers.
The vast target list for hacking added up to more than 2,000 Internet domains, including the Polish Embassy in Britain and the electricity ministry in Iraq, according to an uncensored court document cited by the Times.
More From This Section
"After Stratfor, it was pretty much out of control in terms of targets we had access to," Hammond told the Times in an interview from a federal prison in Kentucky, where he is serving a 10-year sentence for the Stratfor attack and other hacking.
Hammond said he and Monsegur learned of a vulnerability that could be exploited in web-hosting software called Plesk, which permitted back door access to thousands of websites.
A court sentencing statement said that Monsegur directed other hackers to pull data from Syrian government sites, including banks and various ministries, according to the Times.
Monsegur's location is unknown and his sentencing hearing has been delayed repeatedly, fuelling speculation that he remains an informant for the US government, the Times wrote.
The report reinforces allegations that the US government has exploited flaws in Internet security to spy on foreign targets.
The FBI was not immediately available for comment.