292/69 Friday, May 29, 2026

The U.S. Department of Justice (DoJ) announced that a 45-year-old Romanian hacker has been sentenced to four years and eight months in prison, followed by three years of supervised release. The sentence stems from unauthorized intrusions into the network of an emergency management agency in the State of Oregon in 2021, as well as other cyberattacks against victims in the United States. This case highlights the serious impact of unauthorized access to networks, particularly those belonging to public agencies, and demonstrates that international law enforcement authorities are actively pursuing transnational cybercriminals and bringing them to justice to protect critical national infrastructure.
According to the reported details of the attack, the perpetrator gained unauthorized administrator-level access to the government agency’s network in June 2021. He then advertised and sold the access on a dark web marketplace, agreeing to a transaction worth USD 3,000 in Bitcoin. The perpetrator repeatedly logged into the system to prove that he had actual control over the network and extracted samples of personally identifiable information (PII) to demonstrate the value of the access to potential buyers. His actions also caused damage to the networks of other organizations, with total losses exceeding USD 250,000. Around the same period, U.S. authorities also prosecuted another Romanian hacker who had been extradited in connection with a case involving the compromise of VoIP phone systems for financial fraud, further underscoring the wide range of cyber threats and the continued efforts to dismantle malicious cyber activity.
This incident demonstrates the risks associated with the illegal sale and purchase of system access or administrator privileges, which remains a common threat in today’s cyber landscape. System administrators and organizations should urgently review and strengthen their cybersecurity measures, particularly by enforcing multi-factor authentication (MFA) for all administrator accounts and critical systems. They should also regularly review access logs to detect unusual activity. In addition, organizations should consider implementing network segmentation and encrypting sensitive data ahead of any attack, to limit the scope of potential damage and prevent data leakage.
