A Romanian national has been sentenced to prison in the United States for hacking into an Oregon state government network and selling unauthorized access to it. The sentence marks a significant milestone in international efforts to combat cybercrime, particularly cases involving the sale of network access to other criminals.
Catalin Dragomir, 45, was arrested in Romania in November 2024 and subsequently extradited to the United States in January 2025. He pleaded guilty in February 2026 to one count of obtaining information from a protected computer and one count of aggravated identity theft. This week, a federal judge sentenced him to 4 years and 8 months in prison, with credit given for the two months he spent in Romanian custody prior to extradition.
The hacking incident occurred in June 2021, when Dragomir infiltrated the network of an Oregon state government office. According to court documents, he then sold access to that network for $3,000 in Bitcoin. The total losses attributed to his activities exceeded $250,000, stemming from the compromise and subsequent misuse of the network.
Details of the Crime
Dragomir admitted to selling information obtained from at least 10 other organizations, making him a prolific figure in the underground cybercrime market. Prosecutors described him as a key player in the ecosystem of initial access brokers—criminals who specialize in breaking into networks and then selling that access to ransomware groups, data thieves, and other malicious actors. However, Dragomir claimed during the proceedings that he was not the mastermind but rather worked for another hacker, a defense that did not significantly reduce his sentence.
The case underscores the growing threat of initial access brokers, who have become a critical component of the cybercrime supply chain. By providing entry points to high-value networks, these brokers enable a wide range of attacks, including ransomware deployments, data exfiltration, and espionage. The Oregon state network, once compromised, could have been used to launch further attacks against other government agencies or private sector partners.
Background of the Hacker
Catalin Dragomir, a Romanian national with no prior major criminal record in the United States, was part of a broader trend of Eastern European hackers targeting government and corporate networks. Romania has a notable history of cybercriminal activity, with several high-profile hackers originating from the country. In recent years, Romanian authorities have cooperated more closely with the US Department of Justice and the FBI to extradite individuals accused of cybercrimes.
Extradition itself can be a lengthy process, requiring diplomatic coordination and legal proceedings in both countries. Dragomir was arrested in November 2024 and extradited within two months, indicating a streamlined process. Once in the United States, he faced charges that carried significant penalties, including up to 10 years for the computer intrusion charge and a mandatory minimum of 2 years for aggravated identity theft.
Legal and Sentencing Implications
The sentencing judge considered not only the severity of the crime but also the time Dragomir had already served in Romania. The final sentence of 4 years and 8 months reflects a balance between punishment and credit for time served. Aggravated identity theft charges are particularly serious because they involve using another person's identity to commit the crime, which can cause long-term harm to victims.
The case also involved the use of Bitcoin as a payment method for the illegal access. Cryptocurrencies like Bitcoin are often used in cybercriminal transactions due to their pseudonymity, but law enforcement has become increasingly adept at tracing blockchain transactions. In this case, investigators likely traced the Bitcoin payment to identify Dragomir and build the case against him.
Broader Context: Romanian Cybercrime and International Cooperation
This sentencing comes in the wake of other Romanian hackers being extradited to the United States. For example, Gavril Sandu, another Romanian national, was recently extradited to face charges for a cybercrime scheme perpetrated 17 years ago. This demonstrates that US authorities are willing to pursue old cases and that international cooperation is improving.
Romania has become a hub for cybercriminal activity partly due to its strong technical education system and high unemployment rates in certain regions. However, the country has also taken steps to crack down on cybercrime, including joining international law enforcement task forces and passing stricter laws. The extradition of Dragomir and others signals a growing willingness among European nations to cooperate with US investigations.
Impact on Organizations and Cybersecurity Practices
For organizations, the case serves as a reminder of the importance of network security, especially for government agencies. The Oregon state office that was compromised likely had to undergo a costly remediation process, including forensic analysis, system patching, and increased monitoring. The more than $250,000 in losses cited in the case may represent only direct financial damages; indirect costs such as reputation damage and operational disruptions could be significantly higher.
Initial access brokers like Dragomir often gain entry through vulnerabilities in remote access tools, phishing schemes, or unpatched software. Organizations can mitigate these risks by implementing multi-factor authentication, regular security training for employees, and robust patch management policies. The use of Bitcoin in the transaction also highlights the need for financial institutions to monitor cryptocurrency transactions for suspicious activity.
Cybersecurity experts have noted that the sale of network access has become a commoditized market on dark web forums, with prices varying based on the target's value. Government networks, especially at the state and local level, are often seen as lucrative targets because they may have weaker security than federal agencies but still hold sensitive data.
Role of Identity Theft in Cybercrime
Aggravated identity theft—the charge to which Dragomir pleaded guilty—involves using another person's identifying information in connection with a felony. In this case, Dragomir likely used stolen credentials to gain access to the Oregon network or to cover his tracks. Identity theft can have devastating consequences for individuals, including financial loss and damage to credit history. The charge carries a mandatory minimum penalty of two years in prison, which must be served consecutively to any other sentence.
The prevalence of identity theft in cybercrime underscores the importance of data protection laws and consumer awareness. Victims of identity theft may spend years restoring their credit and clearing their names. In this case, the victims included both the Oregon state employees whose credentials were stolen and the organizations that suffered losses.
As the digital economy expands, cybercriminal networks continue to evolve. The sentencing of Catalin Dragomir sends a strong message that international law enforcement is committed to pursuing hackers across borders and bringing them to justice. However, experts caution that the volume of cyberattacks is rising, and that initial access brokers remain a persistent threat.
For now, the case stands as a reminder of the risks associated with network vulnerabilities and the importance of proactive cybersecurity measures. The Oregon state government office, along with the other organizations affected by Dragomir's activities, will likely continue to strengthen their defenses to prevent future incidents.
Source: SecurityWeek News