The FBI and US Justice Department say nine Iranian citizens stole the login credentials of 8,000 academics at 320 institutions across 22 countries between 2013 and 2017.
They used the logins to steal research, academic journals, theses, dissertations and ebooks.
The stolen data was allegedly sold to two Iranian websites, which then provided cheap or free access to the research journals and other intellectual property to organisations in Iran.
US-based cyber security firm PhishLabs, which has been tracking Mabna since December, identified Australia as one of four key targets alongside the US, Canada and the UK.
It identified a third Iranian website which claimed to offer access to credentials from 13 Australian universities, including all those in the elite Group of Eight, which is made up of ANU, Monash University and the universities of Sydney, NSW, Melbourne, Queensland, Western Australia and Adelaide.
PhishLabs says 26 of Australia's 43 universities were sent lures, but is unsure about how many academics inadvertently handed over details.
"Because most of the universities targeted are prestigious research, technical, or medical institutions, it seemed like a logical possibility that the compromised credentials could be used to access some of the more sensitive research data that could only be accessed from an internal account," PhishLabs Threat Intelligence director Crane Hassold told AAP.
"Even though we didn't observe any evidence of this activity on our end directly, (the US) indictment indicates that the theft of university-specific data was indeed a goal for these actors."
A Sydney University spokeswoman told SBS News it would not comment on the phishing attempt, citing advice from the university's IT department against commenting on specific cyber attacks.
Monash University defended the "numerous layers of defence" that make up its cyber security systems.
"It's important to note that the targeted information, in this case, was aimed at accessing paywalled journal articles rather than personal or private data and this has not been compromised," a spokeswoman told AAP.
The FBI has issued international arrest warrants for the nine alleged hackers.
The US Justice Department says the cyber thieves also stole data from US companies and government agencies, as well as the United Nations.
In total, more than 31,000 gigabytes of data was taken - the equivalent of listening to a music streaming app in normal quality for the next 50 years.
FBI Assistant Director William F. Sweeney Jr estimated the stolen data was worth billions of dollars.