This is an interesting trail, from what I am reading VMWare was not necessarily the intended target. It all started with a dump of accounts from http://www.sina.com/, from these a group broke the hashes and started sifting through the accounts looking for items of interest.
That got them in to CEIEC ( see post http://www.ceiec.com/news/554 ). Interesting paper trail to cover in the story. I do find the posting interesting and I am not sure how to read it, the attack did not happen but they reserve the right to go after anyone who did it?