Back

Romanian Hacker Sentenced for Selling Access to Oregon Emergency Network

Severity: Medium (Score: 48.9)

Sources: Justice, Oregonlive

Published: 2026-05-27 · Updated: 2026-05-27

Keywords: oregon, romanian, sentenced, access, state, prison, national

Severity indicators: government

Summary

Catalin Dragomir, a Romanian citizen, was sentenced to 56 months in prison for selling unauthorized access to Oregon's emergency management network in 2021. He pleaded guilty to aggravated identity theft and obtaining information from a protected computer. Dragomir sold access for $3,000 in Bitcoin and provided personal information of state employees to prove his access. The breach affected a network with three servers and 50 computers, posing risks to critical infrastructure. He also admitted to selling personal information from at least 10 other U.S. victims, causing losses exceeding $250,000. Dragomir was arrested in Romania in November 2024 and extradited to the U.S. in January 2025. His cooperation with the FBI led to his plea deal in February 2025. Key Points: • Catalin Dragomir sold access to Oregon's emergency management network for $3,000 in Bitcoin. • He provided personal identifying information from state employees to potential buyers. • The breach impacted critical infrastructure, with losses from other victims exceeding $250,000.

Detailed Analysis

**Impact** The intrusion affected the Oregon state Department of Emergency Management’s network, comprising three servers and 50 computers, which support disaster prevention, response, and recovery efforts. Personal identifying information of at least one state employee, including name, date of birth, Social Security number, and email, was compromised and shared with buyers. Additionally, Dragomir sold access to networks of at least 10 other U.S. victims, causing financial losses exceeding $250,000. The breach impacted critical infrastructure related to emergency management within Oregon and multiple other U.S. entities. **Technical Details** The attacker obtained unauthorized access to the Oregon state emergency network in June 2021 and advertised “admin access” on the dark web. Access was sold for $3,000 in Bitcoin after providing proof via screenshots containing personal data. The attacker pleaded guilty to aggravated identity theft and obtaining information from a protected computer. No specific malware, CVEs, or detailed TTPs beyond credential theft and dark web sales were disclosed. The FBI and DOJ led the investigation with international cooperation for arrest and extradition. **Recommended Response** Organizations managing critical infrastructure should monitor for unauthorized access attempts and credential compromise, especially involving emergency management systems. Implement multi-factor authentication and restrict administrative access to sensitive networks. Conduct regular audits of access logs and monitor dark web sources for leaked credentials. No specific patches or IOCs were provided; defenders should maintain vigilance on identity theft and unauthorized access indicators.

Source articles (2)

  • Hacker who sold access to Oregon state emergency network for Bitcoin gets prison — Oregonlive · 2026-05-27
    A Romanian citizen who sold stolen login credentials that provided access to Oregon’s emergency management computer network in 2021 was sentenced Tuesday to more than four years in federal prison. Cat…
  • Romanian National Sentenced for Selling Access to Networks of Oregon State Government ... — Justice · 2026-05-27
    A Romanian national was sentenced yesterday to 56 months in prison in connection with an online intrusion into an Oregon state government office in 2021 and other cyber-attacks on U.S. victims. Accord…

Timeline

  • 2021-06-01 — Personal data shared with buyer: Dragomir shared screenshots of a state employee's personal information to demonstrate access.
  • 2021-06-16 — Access sold to Oregon state network: Dragomir sold access to the emergency management network for $3,000 in Bitcoin, proving access with personal data.
  • 2024-11-01 — Dragomir arrested in Romania: FBI agents arrested Dragomir in Romania as part of an international investigation into his cybercrimes.
  • 2025-01-05 — Extradition to the United States: Dragomir was extradited to the U.S. to face charges related to his cybercrimes.
  • 2025-02-19 — Plea deal signed: Dragomir pleaded guilty to aggravated identity theft and obtaining information from a protected computer.
  • 2026-05-26 — Sentencing in federal court: Dragomir was sentenced to 56 months in prison for his cybercrimes against Oregon's emergency network.

Related entities

  • Data Breach (Attack Type)
  • Oregon State Government (Company)
  • Romania (Country)
  • United States (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • Government (Industry)
  • T1005 - Data From Local System (Mitre Attack)
  • T1078 - Valid Accounts (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed