The distributed denial-of-service (DDoS) attack Tuesday against military and financial institutions in Ukraine was the “largest DDoS attack in the country’s history,” a Ukrainian government agency said.

Ukraine “successfully stopped” the attack, the State Service of Special Communication and Information Protection of Ukraine said in a statement posted online. The DDoS attack affected targets including the websites of the Ministry of Defense and the Armed Forces of Ukraine, as well as the web services of Privatbank and Oschadbank.

DDoS attacks typically attempt to bring down websites or networks by overwhelming the web server with traffic. The “main purpose is to sow panic among Ukrainians and destabilize the situation in the country,” the Ukrainian agency said in its statement. “In fact, it was a large-scale stress test that Ukraine withstood.”

The DDoS attack came as Russia has amassed an estimated 150,000 troops near Ukraine, U.S. President Joe Biden said Tuesday. Russia has been known to use cyberattacks as part of military campaigns in the past, including in Georgia and the Crimean Peninsula in Ukraine. Most recently, Ukraine blamed Russia for attacks in January that left dozens of the government’s websites inaccessible or defaced.

Cybersecurity experts say that if Russia does plan to invade Ukraine, it would undoubtedly use cyberattacks as a key part of its strategy — just as the country has done in previous military campaigns over the past decade-and-a-half.

The secretary-general of NATO, Jens Stoltenberg, said there’s no evidence that Russia is pulling back on its forces near Ukraine, despite claims by the Russian military that it was starting to withdraw. “We do not see any sign of de-escalation on the ground,” Stoltenberg said, according to the BBC.

‘Trace of foreign intelligence’

Ilya Vityuk, head of the cybersecurity department for the Security Service of Ukraine (SSU), discussed the incident during a news conference Wednesday, which was reported on by news outlets including the New York Times.

The Ukrainian agency’s statement posted online also included Vityuk’s comments, which said that with the DDoS attacks Tuesday, “There is a trace of foreign intelligence services.”

“Based on current realities, the country that is interested in such image damage to Ukraine is Russia,” Vityuk said, according to the version of the statement posted online. “However, this should be established within the relevant investigation.”

A separate statement from the SSU, however, raised greater suspicion about possible Russian involvement. “According to preliminary information, Russian special services may be involved,” the statement said, according to a translation.

A spokesperson for the Kremlin denied Russian involvement in the DDoS attack, according to the New York Times report. “We know nothing about it, but we are not surprised that Ukraine is continuing to blame Russia for everything,” the spokesperson, Dmitri S. Peskov, reportedly said. “Russia has nothing to do with any DDoS attacks.”

The attack targeting Ukrainian servers on Tuesday was indeed a powerful DDoS attack, according to findings from cyber firm CrowdStrike.

“Telemetry acquired during the attacks indicates a large volume of traffic three orders of magnitude more than regularly observed traffic,” said Adam Meyers, senior vice president of intelligence at CrowdStrike, in an email statement.

In the attack, 99% of the traffic consisted of HTTPs requests, “indicating the attackers were attempting to overwhelm Ukrainian servers,” Meyers said.

Impact on western countries

Though there is “no evidence of any targeting of western entities at this time, there is certainly potential for collateral impact as a result of disruptive or destructive attacks targeting Ukraine,” he said. “This could impact companies that have a presence in Ukraine, those that do business with Ukrainian companies, or have a supply chain component in Ukraine such as code development/offshoring.”

On Tuesday, Biden touched on the possibility of Russian cyberattacks impacting the U.S.

“If Russia attacks the United States or allies through asymmetric means, like disruptive cyberattacks against our companies or critical infrastructure, we are prepared to respond,” Biden said.

Diversion tactic?

The DDoS attacks might also be a “diversion from something else, like a stealthier cyberattack,” said Justin Fier, director of cyber intelligence and analytics at cyber firm Darktrace, in an email to VentureBeat on Tuesday.

At Darktrace, “across our customer base, we sometimes see noisy attack techniques like this used to distract security teams while bad actors remain inside digital systems to carry out more deadly attacks behind the scenes,” Fier said.

That can include stealing or altering sensitive data, shutting down critical systems, or “simply lying dormant until the right time comes,” he said.

Ukraine’s cyber response

The Ukrainian agency statement provided additional details on how the DDoS attack was defended against:

After the Government Computer Emergency Response Team CERT-UA received a report of disruptions in a number of government websites, some information resources were suspended to prevent the attack from spreading. Modern, powerful systems for counteracting DDoS attacks were also used. This prevented attacks on other sites, including the websites of the Security Service of Ukraine, the Foreign Intelligence Service, etc.

“We have significantly reduced the level of malicious traffic by restricting access control lists and configuring policies on anti-DDoS attacks. Our cleaning centers are working. Therefore, despite the fact that the attack is still ongoing, and its average power reaches tens of gigabits per second, the situation is completely under control: web resources continue to function” said Victor Zhora.

Deputy Secretary of the National Security and Defense Council of Ukraine Serhii Demedyuk praised the response of the state cybersecurity system to the latest cyberattack. At the same time, national actors of cybersecurity not only in Ukraine but also in partner countries, including the USA and European countries, worked 24/7 to minimize the consequences of the cyberattack, which he described as “informational and psychological.”

The Security Service of Ukraine “is investigating criminal proceedings on the fact of DDoS-attacks,” which “does not exclude the involvement of special services of the aggressor country,” the statement says.