But the decision not to impose sanctions on China was telling. Given the depth of China’s economic interdependence with the United States, an escalation of sanctions and countersanctions would be easy for Beijing to develop. And there was a sense inside the Biden administration that in the Microsoft case, China was exploiting a vulnerability rather than creating a new one, as the Russians did in the SolarWinds attack.
Instead, the Biden administration settled on corralling enough allies to join the public denunciation of China to maximize pressure on Beijing to curtail the cyberattacks, the official said.
The joint statement criticizing China was issued by the United States, Australia, Britain, Canada, the European Union, Japan and New Zealand. It was also the first such statement from NATO publicly targeting Beijing for cybercrimes.
The European Union on Monday condemned “malicious cyberactivities” undertaken from Chinese territory but stopped short of denouncing the responsibility of the Chinese government.
“This irresponsible and harmful behavior resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spillover and systemic effects for our security, economy and society at large,” Josep Borrell Fontelles, the E.U.’s foreign policy chief, said in a statement. “These activities can be linked to the hacker groups,” the statement added.
Mr. Borrell called on Chinese authorities not to allow “its territory to be used” for such activities, and to “take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.”
The National Security Agency, the F.B.I. and the Cybersecurity and Infrastructure Security Agency also issued an advisory on Monday warning that Chinese hacking presented a “major threat” to the United States and its allies. China’s targets include “political, economic, military and educational institutions, as well as critical infrastructure.”