A Romanian national has pleaded guilty to charges related to unauthorized access and sale of network credentials belonging to an Oregon state government office and multiple other U.S. victims, the U.S. Department of Justice announced on February 20, 2026.
Catalin Dragomir, 45, formerly of Constanta, Romania, admitted to breaking into the Oregon state government office’s network in June 2021 and subsequently selling that access to prospective buyers on the dark web.
During the sale, Dragomir provided sample personally identifiable information (PII) stolen from the compromised system to entice buyers, a tactic commonly observed in initial access broker (IAB) operations.
Beyond the Oregon breach, Dragomir sold unauthorized access to networks belonging to numerous other U.S.-based victims, resulting in losses of at least $250,000 across all incidents.
Charges, Arrest, and Extradition
Dragomir was arrested in Romania in November 2024 following a coordinated effort between U.S. and Romanian authorities and was subsequently extradited to the United States in January 2025.
He has pleaded guilty to one count of obtaining information from a protected computer and one count of aggravated identity theft.
Sentencing is scheduled for May 26, 2026, where he faces up to five years in prison for the computer intrusion charge, followed by a mandatory consecutive two-year sentence for aggravated identity theft.
The FBI’s Portland Field Office led the investigation, with prosecution handled by Trial Attorneys Benjamin A. Bleiberg and Alison M. Zitron of the DOJ’s Computer Crime and Intellectual Property Section (CCIPS), alongside Assistant U.S. Attorney Katherine A. Rykken.
The Criminal Division’s Office of International Affairs coordinated with Romania’s Ministry of Justice to secure Dragomir’s arrest and extradition. Darkweb IQ also assisted in the investigation.
This case underscores the persistent threat posed by initial access brokers who commoditize network access on criminal marketplaces, enabling downstream ransomware attacks and data theft. Since 2020, CCIPS has secured convictions of over 180 cybercriminals and recovered more than $350 million in victim funds.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
