But the decision not to impose sanctions on China was instructive. Given China’s deep economic ties with the United States, an escalation of sanctions and counter-sanctions for Beijing would be easy to develop. And there was a feeling within the Biden administration that China was exploiting a vulnerability in Microsoft’s case instead of creating a new one, as the Russians did in the SolarWinds attack.
Instead, the Biden government decided to bring together enough allies to join the public denunciation of China in order to maximize pressure on Beijing to contain the cyberattacks, the official said.
The joint statement on criticism of China was made by the United States, Australia, Great Britain, Canada, the European Union, Japan and New Zealand. It was also the first such declaration by NATO to publicly target Beijing for cybercrime.
The European Union on Monday condemned “malicious cyber activities” from Chinese territory, but stopped denouncing the Chinese government’s responsibility.
“This irresponsible and harmful behavior has resulted in security risks and significant economic losses for our government institutions and private companies and has shown significant spillover and systemic effects on our security, economy and society as a whole,” said Josep Borrell Fontelles, EU foreign policy chief, said in an explanation. “These activities can be linked to the hacking groups,” the statement said.
Mr. Borrell urged the Chinese authorities “not to use his territory for such activities” and “take all appropriate measures and steps reasonably available and feasible to uncover, investigate and remediate the situation.”
The National Security Agency, the F.B.I. and the Cybersecurity and Infrastructure Security Agency also issued a warning Monday that Chinese hacking poses a “great threat” to the United States and its allies. China’s goals include “political, economic, military, and educational institutions, and critical infrastructures.”