China's Ministry of State Security (MSS) "has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain," US Secretary of State Antony Blinken said in a statement that blamed the MSS for the Microsoft Exchange hacks. The US government and its allies "formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims," Blinken said.
Blinken's statement was released alongside a Justice Department announcement that three MSS officers and one other Chinese national were indicted by a federal grand jury on charges related to a different series of hacks into the "computer systems of dozens of victim companies, universities, and government entities in the United States and abroad between 2011 and 2018." Blinken said that the US "and countries around the world are holding the People's Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security."
The US did not announce any new sanctions against China, but Blinken said the indictment is evidence that "the United States will impose consequences on PRC malicious cyber actors for their irresponsible behavior in cyberspace."