Romanian Hacker Sentenced to 4 Years 8 Months for Selling Access to Oregon State Emergency Management Network
What Happened — Catalin Dragomir, a 45‑year‑old Romanian national, pleaded guilty to selling unauthorized admin access to an Oregon state emergency‑management network and other U.S. government systems. He advertised the foothold, accepted a $3,000 Bitcoin payment, and provided samples of personal identifying information (PII) from the compromised computer.
Why It Matters for TPRM —
- Credential‑as‑a‑service (CaaS) attacks expose the risk of third‑party actors monetising stolen access.
- State‑level networks often host critical public‑safety data; a breach can cascade to downstream vendors and service providers.
- The case highlights the importance of continuous monitoring of privileged‑access controls across supply‑chain relationships.
Who Is Affected — Government agencies (state & local), public‑safety IT service providers, any downstream vendors that integrate with the compromised network.
Recommended Actions —
- Review all third‑party contracts for privileged‑access clauses and enforce least‑privilege principles.
- Conduct a forensic audit of any connections to the Oregon emergency‑management system to confirm no lingering backdoors.
- Strengthen multi‑factor authentication and continuous monitoring for privileged accounts in all government‑related SaaS and on‑premise services.
Technical Notes — The attacker obtained admin credentials through an undisclosed exploitation method, then sold the access on underground forums. Personal identifying information was exfiltrated and used for identity‑theft. No specific CVE was cited. Source: SecurityAffairs