The Scattered Spider hacking group has shifted its focus from ransomware to data theft from cloud-based software-as-a-service (SaaS) applications, using social engineering tactics and exploiting privileged access to compromise corporate environments.