Public-record threat-intelligence reports, BIRJA-symmetric concurrent notifications, and other operational disclosures.
Investigative threat-intelligence report on sustained reconnaissance activity from AS211590 (Bucklog SARL, France-hosted Kubernetes-as-a-Service) targeting NIGHTBOX public infrastructure and the broader n8n workflow automation customer base under CVE-2026-21858. Concurrent identical-content filing to US (FBI Cyber Division + Counterintelligence Division + CISA) and Russian Federation (FSB Counterintelligence Service + НКЦКИ).
Contains: STIX 2.1 indicator bundle (AIS-ingestable), MITRE ATT&CK mapping, Diamond Model attribution, Lockheed Martin Cyber Kill Chain stage assessment, Suricata/Splunk/Elastic/KQL hunting queries, internal-tool pivot guidance for both recipient agencies. Open-source corroboration via GreyNoise Labs public report 2026-02-03.
NIGHTBOX issues public-record threat-intelligence reports under the publicly published Foreign Interference Threat Doctrine. Each report is BIRJA-symmetric — identical factual content is delivered concurrently to the counterintelligence apparatus of both the United States and the Russian Federation, with no information arbitrage between sides.
Reports are TLP:CLEAR (public republication permitted) and CC BY 4.0 licensed. NIGHTBOX makes no claim of confidentiality or proprietary rights over report content; recipients may freely cite, redistribute, ingest into threat-intelligence platforms, or use as evidentiary basis for further investigation.
The public incidents log (JSON Feed v1.1, backed by a Neon Postgres dynamic feed) tracks all approved-for-publication doctrine-tier T2+ events. The log is privacy-preserving: IP addresses, User-Agents, JA4 fingerprints, and detection methodology are never exposed publicly.