Oregon state government: Romanian Hacker Pleads Guilty to Selling Unauthorized Access to Oregon State Government Network

Romanian Hacker Pleads Guilty to Selling Oregon Government Network Access on Dark Web

A 45-year-old Romanian national, Catalin Dragomir, has pleaded guilty to hacking into an Oregon state government network in June 2021 and selling the stolen access on dark web marketplaces. Dragomir, from Constanta, Romania, admitted to breaching a protected computer and extracting personal identifying information (PII) to demonstrate the value of the compromised system to potential buyers.

The scheme extended beyond Oregon, with Dragomir selling access to multiple U.S. victim networks, resulting in at least $250,000 in damages from operational disruptions, data exposure, and recovery costs. His actions exemplify the growing threat of initial access brokers cybercriminals who infiltrate networks and monetize entry points for ransomware groups or other malicious actors.

Dragomir was arrested by Romanian authorities in November 2024 and extradited to the U.S. in January 2025. He faces charges under the Computer Fraud and Abuse Act (CFAA), including a potential five-year prison term, plus a mandatory two-year consecutive sentence for aggravated identity theft. Sentencing is scheduled for May 26, 2026.

The investigation was led by the FBI’s Portland Field Office, with prosecution handled by the DOJ’s Computer Crime and Intellectual Property Section (CCIPS) and the U.S. Attorney’s Office for the District of Oregon. International collaboration with Romania’s Ministry of Justice and private sector intelligence from Darkweb IQ played a critical role in the case.

Since 2020, CCIPS has convicted over 180 cybercriminals and recovered more than $350 million in victim funds, often leveraging public-private partnerships. The incident highlights vulnerabilities in state and local government networks, emphasizing the need for stronger security measures against dark web-facilitated cyber threats.

Source: https://cyberpress.org/romanian-hacker-pleads-guilty-to-selling-unauthorized-access-to-oregon-state-government-network/

Oregon state government TPRM report: https://www.rankiteo.com/company/state-of-oregon

"id": "sta1771960935",
"linkid": "state-of-oregon",
"type": "Breach",
"date": "6/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'Oregon, USA',
                        'name': 'Oregon state government',
                        'type': 'Government'}],
 'attack_vector': 'Unknown (likely phishing or exploitation of '
                  'vulnerabilities)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personal Identifying Information '
                                             '(PII)'},
 'description': 'A 45-year-old Romanian national, Catalin Dragomir, has '
                'pleaded guilty to hacking into an Oregon state government '
                'network in June 2021 and selling the stolen access on dark '
                'web marketplaces. Dragomir admitted to breaching a protected '
                'computer and extracting personal identifying information '
                '(PII) to demonstrate the value of the compromised system to '
                'potential buyers. The scheme extended beyond Oregon, with '
                'Dragomir selling access to multiple U.S. victim networks, '
                'resulting in at least $250,000 in damages from operational '
                'disruptions, data exposure, and recovery costs.',
 'impact': {'data_compromised': 'Personal Identifying Information (PII)',
            'financial_loss': '$250,000',
            'identity_theft_risk': 'High',
            'operational_impact': 'Operational disruptions',
            'systems_affected': 'Oregon state government network and other '
                                'U.S. victim networks'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
                           'entry_point': 'Oregon state government network'},
 'investigation_status': 'Convicted (pleaded guilty)',
 'lessons_learned': 'Highlights vulnerabilities in state and local government '
                    'networks and the need for stronger security measures '
                    'against dark web-facilitated cyber threats.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Exploitation of vulnerabilities in '
                                           'government networks'},
 'recommendations': 'Strengthen security measures, enhance monitoring, and '
                    'improve public-private partnerships for cyber threat '
                    'intelligence.',
 'references': [{'source': 'FBI’s Portland Field Office'},
                {'source': 'DOJ’s Computer Crime and Intellectual Property '
                           'Section (CCIPS)'},
                {'source': 'Romania’s Ministry of Justice'},
                {'source': 'Darkweb IQ'}],
 'regulatory_compliance': {'legal_actions': 'Pending sentencing (May 26, 2026)',
                           'regulations_violated': 'Computer Fraud and Abuse '
                                                   'Act (CFAA), Aggravated '
                                                   'Identity Theft'},
 'response': {'law_enforcement_notified': 'Yes (FBI, DOJ)',
              'third_party_assistance': 'Darkweb IQ (private sector '
                                        'intelligence)'},
 'threat_actor': 'Catalin Dragomir',
 'title': 'Romanian Hacker Pleads Guilty to Selling Oregon Government Network '
          'Access on Dark Web',
 'type': 'Initial Access Brokerage'}