March 5 (UPI) — The Treasury Department on Wednesday designated Chinese businessman Zhou Shuai as a a malicious cyber actor and data broker.

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) alleged Wednesday that Shuai, based in Shanghai and owner of Shanghai Heiying Information Technology Company, Limited, “illegally acquired, brokered, and sold data from highly sensitive U.S. critical infrastructure networks” in collaboration with Yin Kecheng, another designated cyber actor deemed malicious and who has already been sanctioned by the U.S.

In a press release, OFAC stated that since at least 2018, Shuai has been selling illegally transferred data and access to compromised computer networks acquired by Kecheng, an employee of Shanghai Heiying. Kecheng’s previous sanctioning stemmed from his alleged involvement in a 2024 compromise of the Department of the Treasury’s network. The two are accused of together victimizing “technology companies, a defense industrial base contractor, a communications service provider, an academic health system affiliated with a university, and a government county municipality.”

Shuai also was allegedly working in 2020 from a set of intelligence requirements that targeted data types related to border crossing, personnel in religious research, telecommunications, public servants and media industry personnel within the United States, Russia and Western Europe. He is said to have gained this information via the intelligence services of the Chinese Communist Party and then brokered the sale of documents stolen from a U.S.-cleared defense contractor in early 2021.

Shuai has been designated “responsible for or complicit in, or having engaged in, directly or indirectly” activities related to hacking computers belonging to Americans, the U.S. government and an ally of the U.S.

The designation levied against Shuai, Kecheng and Shanghai Heiying means that all related property and interests within the United States must be blocked and reported to OFAC, as are 50% or more of any entities belonging to either man in any way. The sanctions also make any transactions with the men or their interests or property illegal, and anyone or any financial institutions violating these sanctions may suffer civil or criminal penalties, whether they be American or otherwise.

“Today’s action underscores our resolve to hold accountable malicious cyber actors like Zhou who continue to target U.S. government systems, the data of U.S. companies, and our citizens,” Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith said.