AhnLab ASEC describes APT attacks that rely on cloud services such as Google Drive, OneDrive, and Dropbox to host malicious scripts, decoy documents, and RAT payloads. The infection chain uses lure files such as LNK shortcuts and cloud-hosted components that can collect information, download additional malware, and complicate detection because attacker-controlled files are staged through legitimate cloud infrastructure.