The United States, several allies and partners and NATO are joining forces to “expose and criticize” China for a “pattern of malicious cyber activities,” announcing on Monday that China is profiting off some of the cyberattacks it's supported, and officially saying it was behind the Microsoft Exchange server breach in March.

       “We will show how the PRC [People's Republic of China] MSS, Ministry of State Security, uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit,” senior administration officials said on a call with reporters Sunday night. “Their operations include criminal activities such as cyber-enabled extortion, cryptojacking and theft of victims around the world for financial gain.

       Officials said they also know of some “government-affiliated cyber operators conducting ransomware operations against private companies that have included ransom demands of millions of dollars.”

       MORE: Blinken meeting European allies to brief on Putin summit, rally to counter China

       Senior officials said they found the MSS-affiliated ransomware attacks to be “surprising” and gave them “new insights” into how the MSS operates and the “aggressive behavior” coming out of China.

       Michel Euler/AP

       FILE - This April 12, 2016, file photo shows the Microsoft logo in Issy-les-Moulineaux, outside Paris, France. Tech giant Microsoft said Thursday, July 15, 2021, it has blocked tools developed by an Israeli hacker-for-hire company that were used to spy on more than 100 people around the world, including politicians, human-rights activists, journalists, academics, and political dissidents.

       Asked how the tactics from the Chinese differ from similar attacks they see coming out of Russia, senior officials said they sometimes see “some connection” between Russian intelligence services and individuals, but “the MSS use of criminal contract hackers to conduct unsanctioned cyber operations globally is distinct.”

       Joining the U.S. in this public announcement is the European Union, United Kingdom, Australia, Canada, New Zealand, Japan and NATO. It’s the first time NATO has condemned Chinese cyber activities.

       MORE: Cybersecurity experts break down a cyberattack as they become increasing threat

       The FBI, NSA and the Cybersecurity and Infrastructure Security Agency released a list Monday of tactics, procedures and techniques used by Chinese state-sponsored cyber actors.

       Among the trends, officials say these actors are “using a revolving series of virtual private servers (VPSs) and common open-source or commercial penetration tools.” They are also accused of looking for ways to exploit vulnerabilities in major applications, like “Pulse Secure, Apache, F5 Big-IP, and Microsoft products.”

       MORE: Why ransomware cyberattacks are on the rise

       The advisory also states that they are using a “full array of tactics and techniques to exploit computer networks of interest worldwide and to acquire sensitive intellectual property, economic, political, and military information.”

       Jenny Kane/AP

       FILE - This Feb 23, 2019, file photo shows the inside of a computer. The Biden administration will offer rewards up to $10 million for information leading to the identification of foreign state-sanctioned malicious cyber activity against critical U.S. infrastructure, including ransomware attacks. The administration is launching the website stopransomware.gov to offer the public resources for countering the threat.

       “Countries around the world are making it clear that concerns regarding the PRC malicious cyber activity is bringing them together to call out those activities, promote network defense in cybersecurity, and act to disrupt threat to our economies and national security," a senior administration official said.

       MORE: More than 1,000 companies worldwide hit by latest cyber attack

       The group will also formally attribute the Microsoft Exchange server cyberattack in March to China’s Ministry of State Security (MSS) “with high confidence.”

       Asked what caused the delay for the U.S. to officially point to China for that attack, a senior administration official said they wanted to work with allies and partners because victims of this attack were not just in the U.S.

       Officials said they have raised these incidents with senior Chinese government officials and “are not ruling out further actions to hold the PRC accountable,” adding that their actions “threaten security, confidence and stability in cyberspace.”