Romanian Hacker Sentenced to Prison in US for Selling Access to Oregon State Network
Romanian national Catalin Dragomir was sentenced to 4 years and 8 months in US prison for hacking into an Oregon state government network and selling access to it and other compromised systems.
Romanian national Catalin Dragomir has been sentenced to 4 years and 8 months in a US federal prison after pleading guilty to hacking into an Oregon state government office's network and selling unauthorized access to it and other compromised systems. The 45-year-old was arrested in Romania in November 2024, extradited to the United States in January 2025, and pleaded guilty in February 2026 to one count of obtaining information from a protected computer and one count of aggravated identity theft.
According to the US Department of Justice, Dragomir breached the network of an Oregon state government office in June 2021. He then sold access to that network—as well as access to other compromised networks in the United States—resulting in total losses exceeding $250,000. The Oregonian reported that Dragomir sold access to the Oregon network for just $3,000 in Bitcoin, highlighting the low cost at which initial access brokers can monetize their intrusions.
Dragomir admitted to selling information obtained from at least 10 other organizations. Prosecutors described him as a “prolific” hacker, though Dragomir claimed he had worked for another hacker rather than being the scheme's mastermind. The case underscores the growing threat of initial access brokers (IABs) who specialize in breaking into networks and then selling that access to other cybercriminals, including ransomware gangs and state-sponsored actors.
The sentencing judge took into account the two months Dragomir spent in jail in Romania before his extradition. The case is part of a broader trend of international law enforcement cooperation targeting cybercriminals who operate across borders. Another Romanian national, 53-year-old Gavril Sandu, was recently extradited to the United States for his role in a cybercrime scheme carried out 17 years ago.
The case highlights the persistent risk to state and local government networks, which often lack the cybersecurity resources of federal agencies. Initial access brokers like Dragomir frequently target these organizations, knowing that a single compromised credential or vulnerable system can provide a foothold into sensitive data and critical infrastructure. The Oregon breach serves as a reminder that even small-scale intrusions can have outsized consequences when the access is resold to more sophisticated threat actors.
As ransomware and data extortion attacks continue to rise, the role of IABs has become a critical focus for law enforcement. Disrupting these brokers—through arrests, extraditions, and prosecutions—is seen as a key strategy to choke off the supply of compromised access that fuels larger cybercrime operations. Dragomir's sentencing sends a clear message that selling access to US networks carries severe consequences, even for actors operating from abroad.