{"id":53,"date":"2026-06-05T22:29:09","date_gmt":"2026-06-05T22:29:09","guid":{"rendered":"https:\/\/inhochoi.com\/index.php\/2026\/06\/05\/eqst-insight-august-2025-shadow-ai-in-manufacturing-gunra-ransomware-zero-trust-systems\/"},"modified":"2026-06-06T23:27:09","modified_gmt":"2026-06-06T23:27:09","slug":"eqst-insight-august-2025-shadow-ai-in-manufacturing-gunra-ransomware-zero-trust-systems","status":"publish","type":"post","link":"https:\/\/inhochoi.com\/index.php\/2026\/06\/05\/eqst-insight-august-2025-shadow-ai-in-manufacturing-gunra-ransomware-zero-trust-systems\/","title":{"rendered":"EQST Insight August 2025: Shadow AI in Manufacturing, Gunra Ransomware &#038; Zero Trust Systems"},"content":{"rendered":"<p style=\"background:#f0f4ff;border-left:4px solid #0066cc;padding:12px 16px;margin-bottom:24px;\"><strong>&#128196; Original Report (PDF):<\/strong> <a href=\"https:\/\/assets.ctfassets.net\/6hqdqj4fjyeg\/983J937Srj6tZsZ6IVb3K\/2665a50496864258dd232f429e454af0\/sk-shieldus-eqst-insight-august-2025-issue.pdf\" target=\"_blank\">Download EQST Insight 2025 August &rarr;<\/a><\/p>\n<p>The August 2025 EQST Insight focuses on the growing threat of unsanctioned AI tools in manufacturing environments, a ransomware campaign targeting Korea&#8217;s financial sector, and the third instalment of EQST&#8217;s Zero Trust Security Strategy series covering system-level controls.<\/p>\n<h2>Headline: Shadow AI \u2014 Detection, Control &#038; Governance for Manufacturing<\/h2>\n<p>Employees in manufacturing environments are increasingly adopting AI tools \u2014 from LLM assistants to AI-powered design platforms \u2014 without formal approval, creating what security teams call &#8220;Shadow AI.&#8221; Unlike Shadow IT (unsanctioned software), Shadow AI introduces additional risks: sensitive manufacturing IP, production schematics, and proprietary formulas may be submitted to third-party AI services as part of normal prompting. EQST outlines a three-layer response: visibility (cataloguing all AI endpoints employees connect to), control (network-level blocking of unapproved AI services), and governance (an approved AI tool catalogue with clear acceptable use policies). Manufacturing firms should treat confidential data submitted to AI platforms as a data exfiltration risk and apply DLP controls accordingly.<\/p>\n<h2>Keep Up with Ransomware: Gunra \u2014 Targeting Korea&#8217;s Financial Sector<\/h2>\n<p>EQST identified Gunra, a ransomware operation that has specifically targeted financial institutions in Korea. Gunra operators demonstrated detailed knowledge of Korean financial regulatory requirements, using this familiarity to time their attacks around reporting deadlines when victims face maximum pressure to pay. The group employs double extortion \u2014 encrypting systems while threatening to leak stolen data to regulators and media. EQST provides Gunra-specific indicators of compromise and recommends financial sector organisations prioritise offline backups, segment core banking systems, and rehearse ransomware response playbooks with senior leadership.<\/p>\n<h2>Special Report: Zero Trust Security Strategy \u2014 System Level<\/h2>\n<p>The third part of EQST&#8217;s Zero Trust series examines system-level controls. After covering identity management (May) and devices\/endpoints (June), this instalment focuses on hardening operating systems, application allowlisting, patch cadence, and runtime monitoring. Key recommendations include enforcing application allowlisting via tools like AppLocker or WDAC, implementing immutable infrastructure patterns for critical servers, and deploying endpoint detection and response (EDR) with tamper protection enabled. EQST&#8217;s zero trust system model treats every running process as potentially compromised until verified by continuous behavioural monitoring.<\/p>\n<p><em>Source: SK Shieldus EQST Insight, August 2025 \u2014 <a href=\"https:\/\/www.skshieldus.com\/en\/report?tab=eqst\">skshieldus.com<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#128196; Original Report (PDF): Download EQST Insight 2025 August &rarr; The August 2025 EQST Insight focuses on the growing threat of unsanctioned AI tools in manufacturing environments, a ransomware campaign targeting Korea&#8217;s financial sector, and the third instalment of EQST&#8217;s Zero Trust Security Strategy series covering system-level controls. Headline: Shadow AI \u2014 Detection, Control &#038; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":118,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-53","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/posts\/53","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/comments?post=53"}],"version-history":[{"count":1,"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/posts\/53\/revisions"}],"predecessor-version":[{"id":98,"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/posts\/53\/revisions\/98"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/media\/118"}],"wp:attachment":[{"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/media?parent=53"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/categories?post=53"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inhochoi.com\/index.php\/wp-json\/wp\/v2\/tags?post=53"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}