Britain has accused China of a massive programme of industrial espionage in a “widespread and significant” campaign of “cyber intrusions” against the UK and its allies.
The Foreign Office said hackers acting on behalf of the Chinese Ministry of State Security were stealing commercial secrets from firms in Europe, Asia and the US.
Officials said their activities were so extensive, they were “putting at risk” economic growth in the UK and the wider global economy.
Foreign Secretary Jeremy Hunt said the attacks were in direct breach of assurances given by the Beijing government to the UK in 2015 as well as commitments made at the G20.
“This campaign is one of the most significant and widespread cyber intrusions against the UK and its allies uncovered to date, targeting trade secrets and economies around the world.
“These activities must stop,” he said.
“Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld.”
The National Cyber Security Centre (NCSC) said it had assessed with the “highest level of probability” that the attacks were carried out by a group known as ATP 10.
The Foreign Office said the group had conducted a “malicious” and “sustained” campaign targeting a range of global companies, and that it was “almost certainly” continuing to steal valuable commercial secrets.
“There will have been economic damage to UK plc as a result of this campaign. We will have lost corporate secrets as a result,” one official said.
The announcement came as the US Justice Department said it was charging two Chinese citizens with an extensive hacking campaign to steal data from American companies.
In an indictment unsealed on Thursday, prosecutors said Zhu Hua and Zhang Shillong were acting on behalf of China’s main intelligence agency.
Court papers filed in Manhattan federal court alleged they were able to breach the computers of more than 45 entities in 12 states. The victims were in a variety of industries from aviation and space to pharmaceutical technology.
Officials said they had been raising the activities of ATP 10 with the Chinese government for the past two years, including during Theresa May’s visit to Beijing in February.
“We have not got the results that we have been asking for as a result of that private engagement. That is why we are taking this action now,” one official said.
According to an updated technical note on the NCSC website, ATP 10 – also known as Stone Panda, MenuPass and Red Apollo – has been active since at least 2009.
The group, based in the city of Tianjin, was said to have targeted the defence, aerospace, healthcare and mining sectors for the “likely purpose of intellectual property theft”.
In 2017, it attacked a number of global managed services providers (MSPs) in a campaign known as Cloud Hopper which gave it extensive access to the networks of organisations around the world.
The companies affected by the attacks have not been named and officials warned the it was impossible to assess how far they had penetrated.
“It is the very widespread targeting and sometimes deep penetration of globally significant companies. The tentacles of this campaign are vast,” one official said.
“You can see the initial intrusion but it becomes harder to track secondary and tertiary intrusions, so there is an element about this technically which we will not know.”
The latest attacks were said to have exposed weaknesses in the cyber security measures in the firms which have been targeted – some of them household names.
Cabinet Office Minister David Lidington, Mrs May’s de facto deputy, is to summon an industry summit in the new year to talk businesses through the actions they need to take to strengthen their defences.