The August 2025 EQST Insight focuses on the growing threat of unsanctioned AI tools in manufacturing environments, a ransomware campaign targeting Korea’s financial sector, and the third instalment of EQST’s Zero Trust Security Strategy series covering system-level controls.
Headline: Shadow AI — Detection, Control & Governance for Manufacturing
Employees in manufacturing environments are increasingly adopting AI tools — from LLM assistants to AI-powered design platforms — without formal approval, creating what security teams call “Shadow AI.” Unlike Shadow IT (unsanctioned software), Shadow AI introduces additional risks: sensitive manufacturing IP, production schematics, and proprietary formulas may be submitted to third-party AI services as part of normal prompting. EQST outlines a three-layer response: visibility (cataloguing all AI endpoints employees connect to), control (network-level blocking of unapproved AI services), and governance (an approved AI tool catalogue with clear acceptable use policies). Manufacturing firms should treat confidential data submitted to AI platforms as a data exfiltration risk and apply DLP controls accordingly.
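The visibility and control layers described above can be prototyped from web proxy logs. The following is an added example, not code from the EQST report: the log format, user names, `.example` hostnames, catalogue contents and the upload threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed catalogues (assumptions): .example hosts are placeholders.
KNOWN_AI_SERVICES = {"chat.llm-vendor.example", "api.llm-vendor.example",
                     "design-ai.example", "approved-assistant.example"}
APPROVED_AI_CATALOGUE = {"approved-assistant.example"}   # governance layer
UPLOAD_ALERT_BYTES = 100_000  # hypothetical DLP review threshold

# Constructed proxy log: timestamp user method host bytes_sent action
SAMPLE_LOG = """\
2025-08-04T09:12:01Z kim.j POST chat.llm-vendor.example 2310 ALLOW
2025-08-04T09:15:40Z kim.j POST chat.llm-vendor.example 148000 ALLOW
2025-08-04T09:20:11Z lee.s POST approved-assistant.example 90000 ALLOW
2025-08-04T09:31:02Z park.h POST eu.design-ai.example 5200 ALLOW
2025-08-04T09:33:47Z park.h POST intranet.corp.example 700000 ALLOW
2025-08-04T09:40:00Z choi.m POST api.llm-vendor.example 64000 DENY
malformed line
"""

def match_service(host, services):
    """Return the catalogue entry that host equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for svc in services:
        if host == svc or host.endswith("." + svc):
            return svc
    return None

def shadow_ai_report(log_text):
    """Visibility: bytes sent per (user, unapproved AI service)."""
    usage = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[4].isdigit():
            continue  # skip malformed lines rather than guess at fields
        _, user, _, host, sent, action = parts
        if action != "ALLOW":
            continue  # already-blocked requests carried no data out
        svc = match_service(host, KNOWN_AI_SERVICES)
        if svc is None or match_service(host, APPROVED_AI_CATALOGUE):
            continue  # not an AI service, or one on the approved catalogue
        usage[(user, svc)] += int(sent)
    return dict(usage)

def control_and_dlp(usage):
    """Control: hosts to block. DLP: user/service pairs over the threshold."""
    blocklist = sorted({svc for _, svc in usage})
    dlp_review = sorted(k for k, v in usage.items() if v >= UPLOAD_ALERT_BYTES)
    return blocklist, dlp_review
```

Run `control_and_dlp(shadow_ai_report(SAMPLE_LOG))` to get the candidate blocklist and the user/service pairs whose upload volume warrants a DLP review.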
Keep Up with Ransomware: Gunra — Targeting Korea’s Financial Sector
EQST identified Gunra, a ransomware operation that has specifically targeted financial institutions in Korea. Gunra operators demonstrated detailed knowledge of Korean financial regulatory requirements, using this familiarity to time their attacks around reporting deadlines when victims face maximum pressure to pay. The group employs double extortion — encrypting systems while threatening to leak stolen data to regulators and media. EQST provides Gunra-specific indicators of compromise and recommends financial sector organisations prioritise offline backups, segment core banking systems, and rehearse ransomware response playbooks with senior leadership.
Special Report: Zero Trust Security Strategy — System Level
The third part of EQST’s Zero Trust series examines system-level controls. After covering identity management (May) and devices/endpoints (June), this instalment focuses on hardening operating systems, application allowlisting, patch cadence, and runtime monitoring. Key recommendations include enforcing application allowlisting via tools like AppLocker or WDAC, implementing immutable infrastructure patterns for critical servers, and deploying endpoint detection and response (EDR) with tamper protection enabled. EQST’s zero trust system model treats every running process as potentially compromised until verified by continuous behavioural monitoring.
Source: SK Shieldus EQST Insight, August 2025 — skshieldus.com