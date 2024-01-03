2023 might be in the recycle bin, but before you hit “delete,” here are three of the biggest IT and cybersecurity stories from around the globe that you might have missed over holiday break.

Ukraine hack. Kyivstar, the biggest mobile operator in Ukraine with more than half the country’s population as customers, announced on Dec. 20 it had restored major services following a huge cyber attack.

British intelligence ranked the attack as the most impactful since the Russian invasion of Ukraine in 2022, according to the Record. Kyivstar subscribers had no access to internet or mobile services for two days, rivaling the 2022 attack on Viasat.

The most obvious suspects are hackers linked to the Russian military and intelligence services, and Wired reported in December that an official in Ukraine’s computer security agency told the press that hacker group Solntsepek had claimed credit for the incident. That group has, in turn, been linked to another called Sandworm, which security firm Mandiant considers a Russian cyber asset.

The attack on Kyivstar reportedly did major damage to the company’s infrastructure, while Reuters reported the firm could take weeks to fully restore all services. Kyivstar CEO Oleksandr Komarov publicly attributed the initial access vector in the incident as a compromised employee account, according to the Kyiv Independent, adding it “must be admitted that this attack breached our defenses.”

Toshiba goes private. Toshiba, once one of Japan’s most powerful companies, was delisted from the New York Stock Exchange in late December amid a $14 billion takeover by investors led by private equity firm Japan Industrial Partners (JIP).

Disarray at Toshiba dates to at least 2015, when then-CEO Hisao Tanaka stepped down over a massive accounting scandal. Subsequent crises resulted in the company writing down its US nuclear business, selling its Toshiba Memory chip unit, and overseas fundraising efforts which brought in activist investors, many of whom support the JIP-led buyout.

“Toshiba Group will now take a major step toward a new future with a new shareholder,” Toshiba told Kyodo News in a statement. According to the paper, focus areas for Toshiba moving forward include power semiconductors, social infrastructure, and quantum technology.

JIP has kept a low profile and is not an international player, Reuters reported, but it has quietly acquired businesses like Sony’s laptop division and Olympus’s camera unit. JIP has not disclosed how much of its own money is involved in the Toshiba deal.

EU AI rules. Negotiators from the European Parliament and the European Union’s 27 member states struck a deal on AI regulations in early December, laying the groundwork for oversight of AI that goes beyond warnings of disaster.

The final text of the AI Act will not be released until February due to continuing negotiations over the specifics, Axios reported. There will also be a minimum of six months advance notice before any new regulations go into effect, with that timeline expanding to 24 months for “high-risk” uses like credit scoring and 36 months for highly regulated fields like medical technology. Certain uses of AI will face outright bans.

Peter Stockburger, a managing partner for Denton’s San Diego, warned in a Bloomberg Law op-ed that while new laws may not enter into force until 2025 or 2026, US businesses should anticipate potential disruptions on the scale of the General Data Protection Regulation (GDPR). That law forced some EU companies and others doing business across the continent to revamp their entire tech stacks.