Where I am, is a lot less on the "secret agent" / James Bond side of things, and a lot more on social engineering.
Two vectors were talked about.
Vector 1: Middle East. Some guys decided they wanted to be insurgents, but didn't have explosives experience and really didn't want to be shot at. So instead, they loaded up viruses on a bunch of hardware (external drives, thumb drives, etc) and sold it to soldiers. Said soldiers then turned around and used these drives on not only their personal computers, but also on Unclass and Classified systems, where it quickly spread because of bad IS/IA policies.
Vector 2: Pentagon area. Similar situation, but instead of selling pre-infected items, some foreign power just left a lot of pre-infected thumb drives around various coffee shops, etc. While some were turned in to lost and found, others were picked up by people who said, "Hey! Free thumb drive!" and proceeded to use them at work and at home. And when work was in a government office that, again had poor IS/IA policies, suddenly you've got computers opening holes in firewalls and transmitting data out.
Hence the big change in policy, to ban thumb drives, turn off auto-run, etc.