Last updated 1 month ago
The Oregon state government's emergency management network was compromised through unauthorized administrative access obtained by a Romanian national. The attacker gained access in June 2021 and subsequently advertised and sold this access for $3,000 in Bitcoin, repeatedly accessing the network to demonstrate control to potential buyers. The breach involved administrative-level privileges to critical state infrastructure, though specific data types exfiltrated were not detailed in available reporting.
The attack chain began with initial unauthorized access to the Oregon state emergency management network, though the specific initial access vector was not disclosed. The threat actor, identified as Catalin Dragomir (45) from Romania, maintained persistent access and demonstrated control through repeated network entries. The attacker monetized the access by selling administrative credentials on underground markets, with transactions conducted in cryptocurrency to obscure financial trails.
The U.S. Department of Justice secured a guilty plea from the Romanian national for selling unauthorized access to government computer systems. The legal proceedings occurred in U.S. federal court, with the defendant admitting to criminal charges related to computer intrusion and unauthorized access for financial gain.
Unauthorized administrative access to state emergency management network sold for cryptocurrency
This breach demonstrates critical failures in administrative access control and monitoring for government emergency management systems, where a single compromised administrative account enabled persistent unauthorized access and monetization. The incident highlights the need for enhanced authentication mechanisms, session monitoring, and alerting for privileged accounts in state government networks, particularly those managing emergency response functions. The successful prosecution of an international actor shows the importance of cross-border law enforcement collaboration in cybercrime cases involving state infrastructure.