Romanian hacker Catalin Dragomir (45) got 4 years and 8 months in prison for selling access to an Oregon state network.
Romanian hacker Catalin Dragomir (45) will spend 4 years and 8 months in a US prison after admitting he sold access to an Oregon state network.
” A Romanian national was sentenced to 56 months in federal prison and three years of supervised release in connection with an online intrusion into an Oregon state government office in 2021 and other cyber attacks on U.S. victims, announced U.S. Attorney Scott E. Bradford.” reads the press release published by DoJ.
In February, Catalin Dragomir (45) pleaded guilty in the U.S. for selling unauthorized admin access to an Oregon state emergency management network. He gained access in June 2021, advertised it, and negotiated a $3,000 Bitcoin sale. According to DoJ, the man repeatedly accessed the system to demonstrate he controlled it.
“According to court documents, Catalin Dragomir, 45, formerly of Constanta, Romania, sold access to a computer on the network of an Oregon state government office after obtaining unauthorized access to it in June of 2021.” reads the press release published by DoJ. “During the sale of access to the computer, Dragomir provided the prospective buyer with samples of personal identifying information from the computer.”
The Romanian national also sold access to the computer networks of many other US victims, causing over $250,000 losses.
Catalin Dragomir was arrested in Romania in November 2024 and extradited to the U.S. in January 2025. He pleaded guilty to obtaining information from a protected computer and aggravated identity theft. Sentencing is set for May 26, 2026, with a maximum of five years for the first count and a mandatory two-year consecutive term for identity theft, pending the judge’s review of sentencing guidelines and statutory factors.
“My office will continue to work with our law enforcement partners, here and abroad, to disrupt and dismantle malicious cyber criminal activity and to bring cyber criminals, wherever they may be, to account for their crimes in federal court in Oregon,” said U.S. Attorney Bradford.
In early May, another Romanian citizen, Gavril Sandu, was extradited to the U.S. nearly 17 years after a hacking scheme. He was indicted in 2017 and arrested in 2026.
According to prosecutors, between May 2009 and October 2010, Sandu and co-conspirators hacked into small businesses’ VoIP systems, using them to make spoofed phone calls that impersonated banks and tricked victims into revealing debit card and PIN numbers. The stolen credentials were used to access accounts and steal funds.
Investigators allege that Sandu collected these stolen credentials, used them to forge magnetic stripe cards, and acted as a money mule, withdrawing cash from compromised ATMs and bank accounts. He then split the proceeds with his co‑conspirators.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Romanian Hacker)
