Here's my guess. Google initially detected an attack coming from Chinese IP ranges and subsequently checked what other requests the IPs had made.
This is what led to the accounts that were accessed not "through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers".
Although they mention gmail in the statement, the expansion to other industries is made on the Google Enterprise blog (mainly aimed at promoting Google Apps to large companies), so it seems likely the same Chinese IPs accessed users of Google Apps.
So this isn't the Chinese government targeting other industries so much as dissidents that might work there. Google's statement still seems consistent to me, although they have shied away from mentioning Google Apps.
That's the six hundred million dollar question in my mind.
How exactly did Google know that those other institutions were under attack?
Unless the attack resulted in rooted Google machines that then attacked outward, or all those institutions were running on Google Apps.
Major institutions running on Google Apps seems unlikely (Are any major institutions outside of academia running Google Apps hosted by Google?). And attacking outward from a rooted box inside Google's network seems careless, unless the attackers were leveraging some dedicated pathways that made their job easier. Which suggests the breach was far more serious than indicated.
Google's security team eventually managed to gain access to a server that was used to control the hacked systems, and discovered that it was not the only company to be hit.
Sorry, I could have made my original comment clearer. I don't think there were any other IP addresses accessed.
The "other industries" that were involved were using Google Apps, so Google has access to those records. That's why they have to inform the other companies their security was breached: the traffic did go through Google so they're the only ones who know about it.
This is what led to the accounts that were accessed not "through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers".
Although they mention gmail in the statement, the expansion to other industries is made on the Google Enterprise blog (mainly aimed at promoting Google Apps to large companies), so it seems likely the same Chinese IPs accessed users of Google Apps.
So this isn't the Chinese government targeting other industries so much as dissidents that might work there. Google's statement still seems consistent to me, although they have shied away from mentioning Google Apps.