This is their report from last year on what kind of defense contractors are being targeted and why. (PDF warning: 2011-unclassified-trends.) Social engineering has generally been the weakest link in an otherwise well-secured system, but it can still be deterred with strict security policies. It's not really a matter of if you'll get infected, but a matter of when. I've heard of incidents where companies have been infected for months without realizing it before the FBI stepped in to stop the further transmission of gigabytes of sensitive information.
If you think you or your company has been infected by foreign or domestic threats, go ahead and contact your local FBI office. They'll work with you in a cooperative investigation and guide you in preventing a similar incident from recurring. Despite what the movies show, the FBI does not come in and just take control of your network. You're still in charge and nothing happens without your consent.