Cookie-Bite Chaos: The Hilarious Hijacking of Microsoft 365 via Cookie Theft!

The Cookie-Bite attack, a proof-of-concept by Varonis, uses a malicious Chrome extension to swipe session cookies from Azure Entra ID. This sneaky move bypasses MFA, granting attackers access to cloud services like Microsoft 365. It’s a reminder that when it comes to cybersecurity, trusting cookies can leave you with more than just crumbs.


Hot Take:

Is it a cyber attack or a cookie recipe gone wrong? Meet Cookie-Bite, the deliciously devious way to crumb-le your MFA defenses and make security teams cry over spilled milk (and stolen cookies)!

Key Points:

  • Cookie-Bite attack uses a Chrome extension to steal Azure session cookies.
  • Gets past MFA by replicating valid session tokens.
  • Targets ‘ESTSAUTH’ and ‘ESTSAUTHPERSISTENT’ tokens.
  • Potentially modifiable for other services like Google and AWS.
  • Not detectable by security vendors yet, making it a stealthy threat.
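
A defender-side check for the extension behaviour in the key points above, as an added example that is not from Varonis or the original page: it flags extension manifests that combine the `cookies` API permission with host access covering the Entra ID sign-in host. The host `login.microsoftonline.com`, the function names and the sample manifests are assumptions constructed for illustration.

```python
import json

# Assumed sign-in host that sets the ESTSAUTH / ESTSAUTHPERSISTENT cookies.
LOGIN_HOST = "login.microsoftonline.com"

def pattern_covers_host(pattern: str, host: str = LOGIN_HOST) -> bool:
    """True if a Chrome match pattern grants access to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False  # API permission name (e.g. "tabs") or non-HTTPS pattern
    pat_host = rest.split("/", 1)[0].lower()
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def audit_manifest(manifest: dict) -> dict:
    """Report whether an extension manifest can read cookies for LOGIN_HOST."""
    keys = ("permissions", "optional_permissions")
    api_perms = [p for k in keys for p in manifest.get(k, []) if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    host_keys = ("host_permissions", "optional_host_permissions")
    hosts = [p for k in host_keys for p in manifest.get(k, []) if isinstance(p, str)]
    matching = sorted({p for p in api_perms + hosts if pattern_covers_host(p)})
    has_cookies = "cookies" in api_perms
    return {
        "name": manifest.get("name", "<unnamed>"),
        "cookies_api": has_cookies,
        "login_host_patterns": matching,
        "flag": has_cookies and bool(matching),
    }

SAMPLE_MANIFESTS = [  # constructed examples, not real extensions
    {"name": "Tab Tidy", "manifest_version": 3, "permissions": ["tabs", "storage"]},
    {"name": "Helper A", "manifest_version": 3, "permissions": ["cookies"], "host_permissions": ["https://*.microsoftonline.com/*"]},
    {"name": "Helper B", "manifest_version": 2, "permissions": ["cookies", "<all_urls>"]},
    {"name": "Shop Coupons", "manifest_version": 3, "permissions": ["cookies"], "host_permissions": ["https://*.example.com/*"]},
]

def flagged_names(manifests):
    """Names of extensions that should be reviewed or blocked by policy."""
    return [r["name"] for r in map(audit_manifest, manifests) if r["flag"]]

if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        print(json.dumps(audit_manifest(m)))
```

A flag here means the extension is able to read those cookies, not that it does; it is a shortlist for review or for an extension allowlist policy.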
