HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Romanian Hacker Sentenced to 4 Years 8 Months for Selling Access to Oregon State Emergency Management Network

Catalin Dragomir, a Romanian national, was sentenced after pleading guilty to selling unauthorized admin access to an Oregon state emergency‑management system and exfiltrating personal data. The case underscores the threat of credential‑as‑a‑service attacks on government‑level third‑party relationships.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 securityaffairs.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
securityaffairs.com

Romanian Hacker Sentenced to 4 Years 8 Months for Selling Access to Oregon State Emergency Management Network

What Happened — Catalin Dragomir, a 45‑year‑old Romanian national, pleaded guilty to selling unauthorized admin access to an Oregon state emergency‑management network and other U.S. government systems. He advertised the foothold, accepted a $3,000 Bitcoin payment, and provided samples of personal identifying information (PII) from the compromised computer.

Why It Matters for TPRM

  • Credential‑as‑a‑service (CaaS) attacks expose the risk of third‑party actors monetising stolen access.
  • State‑level networks often host critical public‑safety data; a breach can cascade to downstream vendors and service providers.
  • The case highlights the importance of continuous monitoring of privileged‑access controls across supply‑chain relationships.

Who Is Affected — Government agencies (state & local), public‑safety IT service providers, any downstream vendors that integrate with the compromised network.

Recommended Actions

  • Review all third‑party contracts for privileged‑access clauses and enforce least‑privilege principles.
  • Conduct a forensic audit of any connections to the Oregon emergency‑management system to confirm no lingering backdoors.
  • Strengthen multi‑factor authentication and continuous monitoring for privileged accounts in all government‑related SaaS and on‑premise services.

Technical Notes — The attacker obtained admin credentials through an undisclosed exploitation method, then sold the access on underground forums. Personal identifying information was exfiltrated and used for identity‑theft. No specific CVE was cited. Source: SecurityAffairs

📰 Original Source
https://securityaffairs.com/192770/cyber-crime/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →