Iranian cyber-attackers have been targeting the U.S. electrical grid’s networks and stealing highly sensitive data, an Associated Press investigation revealed on Monday.

Brian Wallace, a researcher at the cyber-security firm Cylance, discovered that critical files from Calpine Coroporation, which operates 82 power plants in 18 states and Canada, were stolen in a breach that began around August 2013 and may be ongoing. The information in those files included passwords, diagrams, and sensitive engineering designs of power plants, at least one of which was marked “Mission Critical.” After analyzing circumstantial evidence, investigators concluded that the data was compromised by Iranian hackers.

Robert M. Lee, a former U.S. Air Force cyber-warfare operations officer, told AP that having this level of control could allow Iran to launch an attack on America’s electrical infrastructure at any time. “If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” he warned.

Cylance researchers determined that the stolen files were stored on unencrypted servers and embedded with code to spread malware, as well as software to mask the hackers’ Iranian IP addresses.

Last December, Cylance found “bone-chilling evidence” that Iranian hackers had taken control over airports in three countries, including Pakistan. At the time, reports noted that the Taliban had previously launched an attack at a gate in Karachi’s Jinnah International Airport that had been hacked by Iranians, though it is unclear whether the hacked information was used to facilitate the attack. Monday’s AP report mentioned that Wallace determined that the hackers who targeted Calpine also carried out attacks against Pakistan International Airlines.

Col. (res.) Dr. Gabi Siboni, director of the Cyber Security Program at Israel’s Institute for National Security Studies, warned earlier this year that the next 9/11-style terror attack would be perpetrated by hackers taking control of critical computer systems.

A recent increase of cyber-attacks against American government personnel is believed to be linked to the recent arrest of Iranian-American businessman Siamak Namazi in Tehran. Namazi’s computer was confiscated by Iran’s Revolutionary Guard Corps after he was detained. A scheme by Iranian hackers to get sensitive information from professionals in the defense and telecommunications industries using fake LinkedIn profiles was discovered and shut down in October.

Earlier this year, the U.S. recruited Israel and Great Britain to help fight growing cyber threats from Iran. An Israeli cyber-security firm identified a wave of Iranian-backed hacking attacks on Israeli, Saudi Arabian, and Yemeni targets in June. In August, it was reported that Iranian hacking attempts also targeted political dissidents.

In Iran Has Built an Army of Cyber-Proxies, which was published in the August 2015 issue of The Tower Magazine, Jordan Brunner warned that the risk posed by Iran’s cyber-proxies should not be underestimated: