I'd have to assume this goes on in multiple directions. The Chinese won't issue a press release when they find out they've been hacked, but that doesn't mean it doesn't happen.

I pity the poor schmuck who has to read the take from the UN.

Noted this in the Vanity Fair piece:

Forensic investigation revealed that the defense contractor had been hit by a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer.
What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.