US authorities are investigating a vast hacking-for-hire operation that involves attempts to pilfer confidential communications from investigative journalists, short sellers and advocacy groups fighting climate change, according to law enforcement officials, court documents and cybersecurity officials who have tracked the scheme for years.

The overall operation was stunning in scale and in some instances successful, according to several cybersecurity researchers who have been tracking the hackers. Among the thousands of entities allegedly targeted were hedge funds Coatue Management LLC and Blue Ridge Capital LLC, non-profit groups fighting telecommunications companies over control of the internet, and journalists from multiple news organisations, according to several cybersecurity researchers including the Toronto-based research group Citizen Lab, which tracks illegal hacking and surveillance.