A Romanian national admitted guilt for a 2021 cyber intrusion that compromised an Oregon state government office and other U.S. targets, selling network access and personal data and triggering a cross-border investigation and extradition.
Catalin Dragomir, 45, has pleaded guilty in federal court after U.S. authorities traced a 2021 intrusion to his activity. The case centers on unauthorized access to a computer on the network of an Oregon state government office and the subsequent sale of that access to third parties. Prosecutors say those sales included samples of personal identifying information taken from the compromised system. The entry into that agency’s network formed part of a broader pattern of cybercriminal activity affecting victims across the United States.
Court filings detail that Dragomir obtained unauthorized access in June 2021 and then marketed that access to buyers who wanted entry to the victim network. During those transactions he offered proof of access by supplying snippets of personal data taken from the compromised computer. That practice of selling “hands-on” access made it easier for other criminals to exploit the systems for fraud, identity theft, or further intrusions. The records show the exchanges were transactional and aimed at monetizing access rather than any single political or public-interest goal.
Federal prosecutors also allege Dragomir sold access to dozens of other American targets, expanding the damage beyond the Oregon office. Investigators calculated direct losses tied to these activities at no less than $250,000, a conservative figure that may not capture downstream harm to victims. Selling access rather than delivering a one-off exploit multiplied the risk to institutions and individuals who relied on those networks. The scheme illustrates how access brokers operate as intermediaries in larger cybercrime ecosystems.
Romanian authorities arrested Dragomir in November 2024, and he was extradited to the United States in January 2025. Once in U.S. custody he faced formal charges tied to his role in the intrusions and sales. The cross-border arrest and transfer underscore ongoing cooperation between U.S. law enforcement and international partners in pursuing cybercriminals who operate overseas. That cooperation also shows the logistical and legal steps required to bring suspects to trial in another country.
In court Dragomir pleaded guilty to one count of obtaining information from a protected computer and one count of aggravated identity theft. Those plea entries formalize the government’s theory of the case and set the stage for sentencing arguments. Pleading guilty narrows the factual disputes for trial and allows prosecutors to present a consolidated view of the conduct and impacts tied to the defendant’s actions. The counts carry statutory penalties that will be considered at sentencing.
He is scheduled to be sentenced on May 26, 2026, and faces a maximum of five years in prison on the obtaining-information count, to be followed by a mandatory consecutive two-year term for aggravated identity theft. Any final sentence will be decided by a federal district court judge after review of the U.S. Sentencing Guidelines and other statutory factors. Judges weigh not only maximum exposure but aggravating and mitigating circumstances, including the scale of harm, the defendant’s role, and cooperation with authorities. The consecutive requirement for identity theft means the two-year term cannot be served at the same time as the other count.
The FBI Portland Field Office handled the investigative work in the United States, with prosecution led by Trial Attorneys Benjamin A. Bleiberg and Alison M. Zitron of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Katherine A. Rykken for the District of Oregon. Those teams marshaled digital forensics, victim impact assessments, and interagency coordination to support the case. Bringing cyber matters from investigation to indictment often requires specialized legal and technical expertise, which the listed offices provide.
The Criminal Division’s Office of International Affairs coordinated with the Romanian Ministry of Justice, Directorate for International Law and Judicial Cooperation, and the Romanian judiciary to secure Dragomir’s arrest and extradition. The Department of Justice also thanks Darkweb IQ for its assistance with the investigation. That mix of public and private cooperation reflects how many modern cyber investigations rely on both government-to-government channels and specialized analytics or intelligence from private firms. International legal channels were necessary to translate evidence and execute the detention and transfer.
CCIPS prosecutes cybercrime alongside domestic and foreign law enforcement partners, often with assistance from private sector specialists, and reports that since 2020 it has secured convictions of more than 180 cybercriminals and court orders returning over $350 million in victim funds. Those figures demonstrate the scale and pace of federal action against online financial and identity crimes in recent years. The case against Dragomir adds to a pattern of targeting access brokers and identity thieves who enable wider networks of digital fraud. Continued prosecution aims to raise the cost of doing business for actors who traffic in stolen access and personal data.
