In a previouse posting, Password Security, I mentioned that the non-governmental organization for which I volunteer, had at least one server (I don't know the extent) hit by multiple viruses that were determined to have originated in China. From Slashdot.org:
Posted by Unknown Lameron Wednesday June 13, @01:09PM
from the retaliation-for-stuxnet dept.
Trailrunner7 writes, quoting Threatpost: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise. The attack campaign is using a series of hacked servers as command-and-control points and researchers say that the tactics and tools used by the attackers indicates that they may be located in China. The first evidence of the campaign was an attack on Digitalbond, a company that provides security services for ICS systems. ... In addition to the attack on Digitalbond, researchers have found that the campaign also has hit users at Carnegie Mellon University, Purdue University and the University of Rhode Island."