Vice-president of threat research and detection at Proofpoint, Sherrod DeGrippo, said Red Ladon (otherwise known as TA423) posed one of the world's biggest threats to cyber security.
"They support the Chinese government in matters related to the South China Sea, including during the recent tensions in Taiwan,'' DeGrippo said, admitting early analysis has not yet revealed how successful the scam was.
"This group specifically wants to know who is active in the region and while we can't say for certain, their focus on naval issues is likely to remain a constant priority in places like Malaysia, Singapore, Taiwan, and Australia.
"Proofpoint blocks these threats when they're detected in email against our customers. What may happen or damages that may occur if the threat actors get access via another method or if they are attempting delivery via another means is not something we can speak to."
Proofpoint, working closely with PwC, said Red Ladon hackers have been targeting sensitive information both in Australia and overseas.
"These targets regularly included military academic institutions, as well as local and federal government, defence, and public health sectors,'' Proofpoint said in a report.
The shady hacking group also attempted to breach Cambodia's National Election Commission in the lead-up to the nation's federal election four years ago.
"Red Ladon's 2018 ScanBox activity targeting Cambodia involved domains masquerading as news websites and targeted high-profile government entities,'' the report said.
"One of the ScanBox server domains used in that campaign, mlcdailynews[.]com, hosted several articles about Cambodian affairs and US and East Asia relations, for which contents were copied from legitimate publications (Khmer Post, Asia Times, Reuters, Associated Press).
"These were likely used as lures in phishing emails to convince targets to follow malicious links to the actor-controlled ScanBox domain."