An attacker compromises a company's cloud storage service by stealing its synchronization token instead of traditional login credentials. This allows the attacker to access and sync files without triggering multi-factor authentication (MFA) or login alerts. The company remains unaware of the breach since the attacker continues to receive updated files automatically. What type of attack has occurred?