Romanian Access Broker Sentenced in Oregon Network Intrusion

A Romanian hacker, Catalin Dragomir, 46, received a four-year and eight-month federal prison sentence in Oregon for his role in a 2021 cyber intrusion. Dragomir, who operated under the alias 'inthematrix1,' sold access to three servers and 50 desktops belonging to Oregon’s Department of Emergency Management for $3,000. His actions led to estimated losses exceeding $250,000 across at least 10 U.S. entities. Dragomir pleaded guilty in February 2025 to two criminal counts—obtaining information from a protected computer and aggravated identity theft—after being extradited from Romania in January. Prosecutors linked the breach to Dragomir’s online activity, which included selling credentials on a hacking forum. His attorneys had argued for a shorter sentence of 24 months, but the judge upheld the harsher penalty. As part of his plea agreement, Dragomir forfeited nearly 23 Monero cryptocurrency coins, valued at approximately $7,400 at the time. Prosecutors had originally indicted him on six counts, including multiple charges of money laundering, though these were reduced as part of the deal. Dragomir reportedly agreed to cooperate with investigators prior to signing his plea agreement in February. Assistant U.S. Attorney Katherine A. Rykken described Dragomir’s activities as part of a 'quite prolific' run as an access broker. The case highlights ongoing risks posed by cybercriminals selling stolen credentials on underground forums, often targeting government and critical infrastructure systems.