The United States, Britain and New Zealand have accused Beijing-backed cyber groups of being behind a series of attacks on lawmakers and key democratic institutions - claims that have drawn angry Chinese denials.
In rare and detailed public accusations against China, Washington, London and Wellington described a series of cyberattacks over the past decade or more that appeared to be a concerted effort to hold Beijing accountable.
The US Justice Department has indicted seven Chinese nationals in what it says is a 14-year "prolific global hacking operation" designed to further China's "economic espionage and foreign intelligence objectives".
Deputy Attorney General Lisa Monaco said the campaign involved the sending of more than 10,000 emails targeting American and foreign businesses, politicians, candidates for office and journalists.
Washington said a unit called APT31 was behind the attacks, describing it as a "cyber espionage program" run by China's powerful Ministry of State Security from the central city of Wuhan.
Hackers gained access to "email accounts, cloud storage accounts and phone call records," the Justice Department said, monitoring some accounts for "years."
Hours later, London reported that in 2021-2022, the same APT31 group had targeted the accounts of British lawmakers, including many critical of Beijing's policies.
With Britain's general election expected to be held in a few months, Britain's Deputy Prime Minister Oliver Dowden also made the shocking announcement that a "Chinese state-linked entity" may have "compromised" the country's electoral commission.
He said both campaigns against lawmakers and the Election Commission, while a "real and serious threat", were ultimately thwarted.
"It will not affect how people register, vote or otherwise participate in the democratic process," Dowden said.
Two individuals and one company linked to APT31 were hit by UK sanctions.
In a parallel announcement, New Zealand said its Office of Parliamentary Counsel, which drafts and publishes laws, was compromised around the same time.
New Zealand, usually one of China's strongest supporters in the West, blamed the attack on China's "state-sponsored group" APT40.
Newly elected centre-right Prime Minister Christopher Lacson admitted it was a "big step" to blame the cyber attack on China, his country's biggest trading partner.
New Zealand's foreign minister, Winston Peters, said he had instructed diplomats to "talk to the Chinese ambassador today, lay out our position and express our concern".
"That conversation has already taken place," he said.
In recent years, Western countries have become increasingly willing to expose malicious cyber operations and point the finger at foreign governments - most notably China, Russia, North Korea and Iran.
However, China reacted angrily to the accusations, with its embassies in London, Wellington and Washington issuing denunciations.
"The UK's fanfare of so-called 'Chinese cyber attacks' without justification and the announcement of sanctions is blatant political manipulation and malicious slander," the Chinese embassy in London said.
China has "never encouraged, supported or patronized cyber-attacks," the embassy said.
So was the message from Wellington, where the Chinese embassy accused its hosts of "completely barking up the wrong tree".
"Actually, China is the main victim of cyber attacks," the embassy said.
Both Russia and China have been accused of using insiders and outside groups to carry out cyberattacks, making it difficult to assign blame.
Conservative MP Ian Duncan Smith said Beijing should be declared a threat to the country.
He was one of several British MPs sanctioned by China in 2021 for criticizing human rights abuses against the Uyghur minority in China and Hong Kong.
Britain and the United States have extensive cyber operations of their own, although they rarely acknowledge them publicly.
The two countries, along with New Zealand, Australia and Canada, are part of the FiveEyes intelligence-sharing network. /BGNES