SessionShark, a newly discovered ph!shing-as-a-service (PhaaS) kit, is targeting Microsoft Office 365 accounts with a highly deceptive and effective approach. This adversary-in-the-middle (AiTM) tool is capable of intercepting login credentials and live session tokens — enabling attackers to bypass MFA and take over accounts in real time.

Key Threats to Be Aware Of:

• Session hijacking: Attackers intercept session tokens after MFA is completed, granting them full access.
• Deceptive ph!shing pages: The fake login pages mimic Office 365 interfaces and adapt dynamically for greater believability.
• Instant exfiltration: SessionShark sends captured credentials directly to attackers via Telegram integration — faster than traditional security tools can react.
• Advanced evasion techniques: From antibot CAPTCHA challenges to Cloudflare proxying, this kit is designed to evade detection and takedown efforts.

Why It Matters to You and Your Clients
Even with MFA in place, SessionShark demonstrates that ph!shing attacks are evolving — and traditional defenses are no longer enough. This is a wake-up call: static protection won’t cut it in today’s threat landscape.

✅ How SOCSoter Helps

We continuously update detection logic to account for emerging ph!shing kits like SessionShark.Stay vigilant. Educate users. And rely on SOCSoter for real-time protection that adapts as fast as attackers do.

Our Multi-Signal MDR platform can detect behavioral anomalies and real-time token misuse, closing the gap MFA leaves open.

Proactive threat hunting and 24/7 SOC monitoring ensures suspicious login behavior or token reuse is caught before damage is done.