The IndigoZebra APT is targeting the Afghan government using Dropbox as an API that leaves no traces of communications with weirdo websites. This is just the latest in a long-running operation that goes back as far as 2014, when the same threat actors also targeted the Central-Asian countries of Kyrgyzstan and Uzbekistan. Using the legitimate Dropbox API helps to mask the malicious traffic in the target s network, researchers said, given that there are no communications with oddball websites showing up.
Source: https://threatpost.com/dropbox-malware-ongoing-spearphishing-cyberespionage/167402/