The Biden administration has accused the Chinese government of teaming up with criminal gangs to commit widespread cyber attacks, including one on Microsoft this year that affected tens of thousands of organisations.

The US on Monday issued an alert to government bodies and private companies that accused Beijing of a pattern of attacks that had involved extortion and theft. The warning added that people affiliated with the Chinese government had conducted ransomware attacks on private companies that included demands for millions of dollars. 

The Biden administration’s blunt criticism was made alongside a coalition of allies, including the EU, UK, Australia, Canada, New Zealand, Japan and Nato.

The European Council said on Monday that EU member states stood by Washington’s assessment that China had been responsible for the Microsoft Exchange hack.

“This irresponsible and harmful behaviour resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spillover and systemic effects for our security, economy and society at large,” the council said in a statement.

The statement added that the council had detected “malicious cyber activities” by Chinese hacking groups APT40 and APT31 targeting government institutions and political organisations in the EU as well as European industries “for the purpose of intellectual property theft and espionage”.

Dominic Raab, UK foreign secretary, described the Microsoft Exchange hack as a “reckless but familiar pattern of behaviour”.

“The Chinese government must end this systematic cyber sabotage and can expect to be held to account if it does not,” he said.

The UK has also called on China to reaffirm its commitments during the G20 not to “conduct or support” cyber theft of intellectual property or trade secrets.

The move by the US marked a new front in Washington’s battle against a rising tide of ransomware attacks, which have largely been blamed on gangs believed to be operating out of Russia.

A senior administration official said: “[China’s] MSS — Ministry of State Security — uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit.

“Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain.”

The official added that the US had a “high degree of confidence” that attackers on the MSS payroll had carried out the offensive on Microsoft’s Exchange email application, which was disclosed in March. One cyber security researcher claimed it hit at least 30,000 organisations, including businesses and local governments.

Cyber attacks have proliferated during the pandemic as hackers exploited vulnerabilities exposed by employees working remotely.

The US has come under increasing pressure to take action. President Joe Biden warned his Russian counterpart Vladimir Putin this month that Moscow would face consequences if it failed to act against ransomware attackers, who typically seize a company’s data or systems and demand payment to release it.

Biden’s threat followed highly disruptive ransomware attacks on companies including Colonial Pipeline, which was forced to close temporarily, and JBS, the world’s largest meat processor.

US officials also said they were “surprised” to find that individuals affiliated with China’s MSS were behind a ransomware hit in which hackers demanded millions of dollars from an unnamed US company.

Monday’s alert was the starkest warning from Washington that Beijing was to blame for widespread malicious cyber activity.

One senior administration official said: “The PRC’s pattern of irresponsible behaviour in cyber space is inconsistent with its stated objective of being seen as a responsible leader in the world.”

The officials did not state which particular group of hackers or contractors were responsible for the attacks.

The US justice department charged five Chinese citizens last September for hacking more than 100 companies globally as part of a state-backed group known as APT41.

Experts said the group was unusual in that it carried out sophisticated espionage campaigns as well as criminal ventures. Justice department officials at the time accused Beijing of allowing cyber criminals to operate with impunity if they also helped state authorities.

Separately, China came under fire last summer from US agencies including the FBI, which warned that Beijing and its affiliates were attempting to steal coronavirus research by hacking healthcare, pharmaceutical and research groups.