WASHINGTON – The Biden government is expected to formally accuse the Chinese government on Monday of violating Microsoft email systems used by many of the world’s largest corporations, governments and military companies, according to a senior civil servant. The United States will also organize a broad group of allies, including all NATO members, to condemn Beijing for cyberattacks around the world.

The official, who spoke on condition of anonymity, added that the United States would for the first time accuse China of paying criminal groups to carry out large-scale hacking, including ransomware attacks, to extort millions of dollars from businesses. In March, Microsoft pointed out hackers connected to the Chinese Ministry of State Security for exploiting vulnerabilities in the company’s email systems; the US announcement will give details of the methods used and it will be the first to suggest that the Chinese government has hired criminal groups to work on their behalf.

Condemnation by NATO and the European Union is unusual, as most of their member countries have been deeply reluctant to publicly criticize China as an important trading partner. But even Germany, whose companies have been hit hard by Microsoft Exchange hacking – email systems that companies manage themselves instead of putting them in the cloud – quoted the Chinese government for their work.

Despite the broadside, the announcement will lack concrete punitive measures against the Chinese government, such as sanctions such as those imposed by the White House on Russia in April for blaming the country for the widespread SolarWinds attack by US government agencies and more than 100 companies were affected.

By imposing sanctions on Russia and organizing allies to condemn China, the Biden government has been more immersed in a digital cold war with its two main geopolitical opponents than it has ever been in modern history.

While there’s nothing new about digital espionage from Russia and China – and Washington’s efforts to block it – the Biden administration has been surprisingly aggressive in calling both countries and organizing a coordinated response.

So far, however, it has not yet found the right mix of defensive and offensive measures to create an effective deterrent, say most external experts. And the Russians and Chinese have become more courageous. The SolarWinds attack, one of the most sophisticated ever discovered in the United States, was an attempt by Russia’s leading intelligence agency to modify code in widely used network management software to gain access to more than 18,000 companies, federal agencies, and think tanks.

China’s efforts weren’t as mature, but it took advantage of a vulnerability Microsoft hadn’t discovered and used it to spy and undermine confidence in the security of systems that organizations use for their primary communications. It took months for the Biden administration to develop a “high level of confidence” that the hacking of Microsoft’s email system was done at the behest of the Ministry of State Security, the senior administrative official said, backed by private actors previously supported by the Chinese Secret service hired.

The hacking attack affected tens of thousands of systems, including military contractors.

The last time China was caught by such large-scale surveillance was in 2014, when it stole more than 22 million security clearance files from the Office of Personnel Management, allowing a deep understanding of the lives of Americans released for national security to true secrets.

President Biden has promised to strengthen the government and make cybersecurity a focus of his summit in Geneva with Russian President Vladimir V. Putin last month. But his government has been wondering how it will address the growing threat from China, especially after the public exposure of Microsoft hacking.


July 16, 2021, 7:55 p.m. ET

Speaking to reporters on Sunday, the senior administration official admitted that public condemnation of China would do little to prevent future attacks.

“No action can change China’s behavior in cyberspace,” the official said. “And not just one country can act alone.”

But the decision not to impose sanctions on China was also significant: a step that many allies would not agree to.

Instead, the Biden government chose to bring together enough allies to join the public denunciation of China in order to maximize pressure on Beijing to contain the cyberattacks, the official said.

The joint statement on criticism of China to be made by the United States, Australia, Great Britain, Canada, the European Union, Japan and New Zealand is unusually broad. It is also the first such declaration by NATO publicly targeting Beijing for cybercrime.

The National Security Agency and the FBI are expected to release further details Monday on Chinese “tactics, techniques and procedures” in cyberspace, such as how Beijing is mandating criminal groups to carry out attacks for the financial benefit of its government, the official said.

The FBI took an unusual step with the Microsoft hacking: In addition to investigating the attacks, the agency obtained a court order that allowed it to penetrate unpatched company systems and remove code elements left behind by the Chinese hackers that could enable follow-up attacks. It was the first time the FBI acted to remedy an attack and investigate its perpetrators.