Hector Xavier Monsegur, the hacker known as “Sabu,” became a confidential FBI informant following his 2011 arrest. But he continued to direct other hackers to attack more than 2,000 Internet domains in 2012, including sites operated by the Iranian, Syrian, and Brazilian governments.

Based on documents obtained by the New York Times, those attacks were carried out with the knowledge of the FBI agents supervising Monsegur. The Times report suggests that the data obtained in the attacks—including information on Syrian government sites—was passed to US intelligence agencies by the FBI.

The attacks, which were carried out by hacker Jeremy “Anarchos” Hammond and others, targeted sites that ran on servers managed by Plesk, a commonly used “control panel” application for shared Web hosting services. In a prison interview, Hammond—who participated in the hacking of Stratfor Global Intelligence and was later arrested based on information provided by Monsegur—told the Times that he and Monsegur had learned of a vulnerability in Plesk from another hacker. Monsegur then began feeding Hammond a list of foreign websites to attempt to exploit using the bug.

The Plesk bug was the same one used by hackers claiming to be members of Anonymous in an attack on a Federal Trade Commission website in February of 2012 and was not disclosed by the software’s developer, Parallels, until February 15. That means that the FBI, through Monsegur, would have been aware of the exploit of the bug for a month or more before its disclosure.