The Chinese Foreign Ministry has asked the US for a "clear explanation" after claims the CIA had been hacking targets in China for at least 11 years.
The allegations were made by Qihoo, a well-known cyber-security firm based in Beijing.
The company said it had found evidence in malware suggesting the CIA had targeted airlines, petrol companies and government agencies.
The BBC has contacted the CIA for comment.
Qihoo said it had analysed malicious code and found similarities between it and information about alleged CIA hacking tools which was published three years ago.
Among other alleged targets of the hacking campaign were internet firms, scientific institutions and energy companies.
"We speculate that in the past 11 years of infiltration attacks, CIA may have already grasped the most classified business information of China, even of many other countries in the world," added Qihoo.
In recent years, we have become used to private cyber-security companies, and then Western governments, calling out espionage by other states - with China often in the firing line.
Many private cyber-security companies, though, are still wary of publicly linking a particular hacking group to a foreign state.
This new report is a sign that Chinese companies are willing to hit back at the US and the CIA.
One thing making it easier for them is the fact that the CIA lost control of some of its most sensitive hacking tools, which were leaked onto the web.
That allowed others to recognise them being used by the CIA - or, perhaps, by people using them to falsely implicate the US.
At times, reports by US cyber-security companies appear to have dovetailed with US policy. The same might be true in this case, as China seeks to push back.
China has urged the US to give a clear explanation of any hacking activities, and make cyber-space peaceful and safe.
In March 2017, a trove of documents was published by WikiLeaks, that appeared to reveal a number of CIA hacking tools.
The documents suggested the agency had developed ways of eavesdropping on smartphones and smart devices with built-in microphones.
"It is already known that the US has an offensive cyber-capability," said James Sullivan at the London-based Royal United Services Institute.
"Whether this particular example is true or not, it still raises questions about the ethics of offensive cyber and the licence to operate."