The US Justice Department charged three Chinese officials with running the hacking operation against systems around the world, looking for, among other things, information on dangerous diseases like Ebola.
Such information about diseases could be used in biological warfare or for creating diseases like Covid-19.
Secretary of State Antony Blinken said that the US and its allies had "formally confirmed" that China's Ministry of State Security (MSS) used the vulnerabilities in the Microsoft Exchange Server "in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims".
Irresponsible, Disruptive Behavior
He said that they were "holding the People's Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilising behaviour in cyberspace, which poses a major threat to our economic and national security".
Blinken accused the MSS of promoting "an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain".
"These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll," he added.
The allies did not impose any direct sanctions on China similar to the ones imposed on Russia by the US.
But a senior administration official said: "We're not ruling out further actions to hold the PRC (People's Republic of China) accountable."
Ransomware Attacks
The attention to China comes after the focus so far on Russia-based hackers and media allegations that an Israeli company had provided spyware to several governments and other entities to spy on government officials, journalists and civil society activists.
However, there have been no reports of China carrying out massive ransomware attacks on the scale attributed to Russian actors who allegedly disrupted petroleum supply networks and meat distribution, in addition to hospitals and local governments.
The Chinese hack of Microsoft exposed millions of computer users to potential spying or disruption while avoiding overt actions like those of the Russia-based REvil, allegedly behind the dramatic ransomware attacks.
Beijing-linked hackers were reported to have penetrated US-government computers.
The officials charged by the Justice Department were linked to the Hainan Province Ministry of State Security.
Significantly, the charges had been filed in May but had been kept secret till now.
Their operations from 2011 to 2018 targeted governments, universities and companies in 12 countries, according to court documents. (India was not listed among the countries attacked.)
Defense, Healthcare, Aviation and Shipping
They allegedly scoured the systems for information relating to defence, healthcare, aviation and shipping.
Deputy Attorney General Lisa Monaco said: "The breadth and duration of China's hacking campaigns, including these efforts targeting a dozen countries across sectors ranging from health care and biomedical research to aviation and defence, remind us that no country or industry is safe."
A senior administration official, who briefed reporters about the Chinese hack, was asked about the delay in publicly disclosing it.
The official said that they wanted to have "high confidence" in their assessment and now had, in addition to network data, "malware signatures, other indicators of compromise" for confirmation.
In addition, the official said that they have been able to mobilise US allies in coming out against China.