U.S., allies accuse China of hacking Microsoft and condoning other cyberattacks
The joint statements stopped short, however, of punishing China for its alleged actions, exposing the challenge of confronting the world’s second-largest economy by an alliance with deep business ties there.
China’s “pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” the White House said in a statement Monday.
This is the first time Washington and other U.S. allies have assigned blame for the Microsoft Exchange hack, which compromised more than 100,000 servers worldwide. Microsoft alleged in March that its Exchange servers were compromised by a Beijing-backed hacking group that exploited several previously unknown flaws in the software.
By singling out China’s Ministry of State Security (MSS) and hackers operating “with its knowledge,” the United States and its allies are seeking to put forward a common cyber approach with allies and lay down “clear expectations on how responsible nations behave in cyberspace,” said a senior administration official speaking on the condition of anonymity in advance of the allies’ collective statements under ground rules set by the White House. Administration officials have raised concerns with senior Chinese officials about the Microsoft incident and broader malicious cyber activity, “making clear that [China’s] actions threaten security, confidence, and stability in cyberspace,” the official said.
Merely affixing blame but failing to impose a consequence will not deter future activity, said some analysts.
“The lack of any sanctions by the U.S. government against Chinese cyberthreat actors is a huge problem that transcends four administrations,” said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a think tank. He noted that the European Union, which has lagged the United States in publicly attributing cyberattacks to foreign governments, last year imposed the first cyber sanctions against two Chinese nationals and a Chinese company for a supply-chain hack known as Cloudhopper.
“We need to stop treating China as if they have a special immunity to being held accountable, and we need to act in parity as we have with the other major malicious cyber actors, including Russia,” Alperovitch said.
The Biden administration is “not ruling out further action to hold [China] accountable,” said the senior administration official. “We’re also aware that no one action can change behavior, and neither can one country acting on its own,” the official added. “So we really focused initially on bringing other countries along with us.”
The allies and partners are also condemning Beijing for working with criminal hacker groups involved in ransomware attacks, which lock down computer systems pending payment, including at least one effort to extort a U.S. company for millions of dollars, said the official. Cybersecurity analysts have tracked ransomware attacks by Chinese criminals for years, and these incursions are generally not of the same scale as those conducted by Russia-based hackers.
“Showing how the MSS is using criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit … is very significant,” the official said.
The official added that Washington and its allies would be exposing “50 tactics, techniques and procedures Chinese state-sponsored cyber actors used when targeting U.S. and allied networks, along with advice for technical mitigations to confront this threat.”
The European Union denounced “malicious cyber activities” emanating from China in its statement on Monday, saying the actions are “in contradiction with the norms of responsible state behavior.” NATO said it stood in solidarity with allies Canada, Britain and the United States in attributing the attack to China and called on all countries, including China, to act “responsibly” in cyberspace.
For much of January and February, the Chinese theft of email seemed stealthy and targeted, analysts said. Then suddenly in late February, shortly before Microsoft issued a patch to address the vulnerability, the illicit activity exploded. Hackers seemed to be dropping “webshells” — malware designed to install a backdoor into targeted systems — on anyone running an Exchange server. Some 140,000 servers were hit worldwide, White House deputy national security adviser Anne Neuberger said recently. The victims were mostly small- to medium-sized businesses, but no federal agencies.
The U.S. government initially feared the campaign could result in other hackers taking advantage of the vulnerabilities to carry out ransomware attacks. At the White House’s urging, Microsoft released a second patch — a “one-click” tool that was easier to deploy — and the administration made a concerted communications push to encourage businesses to install it. That brought the number of affected servers down from 140,000 to fewer than 10,000 in the space of a week, Neuberger said.
In April, the Justice Department and FBI launched for the first time an operation, using a court order, to remove hundreds of webshells that remained on certain U.S.-based computers still running Microsoft Exchange software. “We believe it reduced the Chinese ability to sneak back in and conduct more disruptive activity,” the official said.
Separately, the Justice Department on Monday announced indictments against three MSS officers whom the United States has tied to hacking schemes targeting companies, universities and government entities in other countries, allegedly to benefit Chinese research and development work.
Devlin Barrett contributed to this report.