The Scattered Spider threat group in recent months has been targeting software-as-a-service (SaaS) applications for data theft and leveraging virtualization platforms for persistence.