The FBI and cybersecurity specialists are on high alert following a trio of serious cyber incidents targeting President Trump’s advisers, commercial airlines, and private companies. Two of the incidents were committed by adversarial countries, Iran and North Korea.

“When I was in the FBI, we rarely saw this kind of overlap,” a former FBI counterterrorism and counterintelligence operative, Eric O’Neill, tells the Sun. “Coordination between state actors and the cybercriminal gangs working for them is not just easier — it’s strategic. Disrupting the West is a shared goal, and they’re aligning in ways we’ve never seen before.”

On Monday, the Department of Justice unveiled sweeping actions it took against North Korea’s years-long scheme in which operatives used fake credentials to pose as remote IT employees to secure jobs at United States companies, ultimately gaining access to, and stealing, money, intellectual property, and “export-controlled U.S. military technology” from their employers.

“The North Korean actors were assisted by individuals in the United States, China, United Arab Emirates, and Taiwan, and successfully obtained employment with more than 100 U.S. companies,” the justice department said in a statement.

FBI and justice department officials recovered 200 computers, searched 29 suspected “laptop farms” across 16 states, and seized 29 financial accounts used to launder illicit funds as well as 21 fraudulent websites. Four North Koreans, two Taiwanese nationals, and six Chinese nationals were charged for their roles in separate IT schemes, the justice department said.

In a Massachusetts District Court on Monday, an American national, Zhenxing “Danny” Wang of New Jersey, was among nine charged for using stolen American identities to obtain remote IT jobs, including with “several Fortune 500 companies and a defense contractor,” to generate revenue for North Korea’s nuclear weapons program.

Mr. Wang is accused of hosting laptops belonging to American companies in his residence and connecting them to keyboard-video-mouse switches that allowed people overseas to control the laptops remotely.

“The IT workers employed under this scheme also gained access to sensitive employer data and source code, including International Traffic in Arms Regulations data from a California-based defense contractor that develops artificial intelligence-powered equipment and technologies,” the justice department said in a statement.

The four North Korean nationals were charged with stealing and laundering more than $900,000 in cryptocurrency. 

Also on Monday, a group of hackers with ties to Iran, who call themselves “Robert,”  announced they had roughly 100 gigabytes of emails belonging to a longtime Trump adviser, Roger Stone; a Trump aide now charged with removing ideologically charged material from the Smithsonian museums, Lindsey Halligan; the White House chief of staff, Susie Wiles; and an adult film performer, Stormy Daniels, who famously claims she had a sexual encounter with President Trump many years ago in Lake Tahoe.

The Cybersecurity and Infrastructure Security Agency dismissed the hacker group’s threats as “a calculated smear campaign meant to damage President Trump and discredit honorable public servants who serve our country with distinction.” 

Earlier that same day, CISA released its new report, co-authored by the FBI, the NSA, and the Department of Defense Cyber Crime Center, warning of potential malicious cyber attacks against critical American infrastructure by “Iranian state-sponsored or affiliated threat actors.”

“U.S. critical infrastructure, across all sectors, has always been considered a viable target for threat actors. Disruption and/or loss of data from such attacks on these organizations can cripple operations and create wide-ranging downstream effects on an organization and its customers, clients, patients, employees, and others,” a former Secret Service agent, Matt Chevraux, now FTI Consulting managing director, tells the Sun. 

In Mr. O’Neill’s view,  Iran, China, and Russia have the capacity to launch a collaborative attack on America’s infrastructure that would prove
“catastrophic.”

“If everything goes wrong in the world, geopolitically, and we do get into some sort of massive conflict, I think that’s what we’re going to see here in the U.S., and our power grid in particular is very vulnerable,” Mr. O’Neill tells the Sun.

This past weekend, the FBI issued an urgent alert about Scattered Spider, a cybercriminal group made up of members in both the United States and the United Kingdom that reportedly used social engineering tactics to gain unauthorized access to computer networks belonging to commercial airlines that include Canada’s WestJet and Hawaiian Airlines. 

“These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts,” the FBI said in a statement. 

In the case of the “Robert” group, an American Enterprise Institute scholar, Frederick Kagan, told Reuters that the threat of leaking emails belonging to notable Trump-era figures was Iran’s way of retaliating with methods that are “not likely to trigger a resumption of major Israeli/U.S. military activity.”

“Cyber is the cheapest battlefield,” Mr. O’Neill, author of the upcoming book “Spies, Lies, and Cybercrime: Cybersecurity Tactics to Outsmart Hackers and Disarm Scammers,” tells the Sun. He believes there will be continued asymmetric warfare by Iran and other threat actors as their way of leveling the playing field with the West.

“At the same time, the U.S. is leaking talent, trust, and tech. That’s a perfect storm for opportunistic adversaries who know how to exploit a distracted, polarized target,” Mr. O’Neill tells the Sun.