
The Asymmetric Threats Contingency Alliance (ATCA), which comprises arms groups and financial services companies, claims to have uncovered evidence of alleged collusion between Russia and the botnet owners.
ATCA said that the botnets were only rented for a short period to boost the number of attacking computers to over a million.
Russia has consistently denied any involvement in the attacks.
"The attackers used a giant network of enslaved computers on 9 May, perhaps as many as one million in places as far away as North America and the Far East, to amplify the impact of their assault," ATCA stated.
"In a sign of their financial resources, there is evidence that [Russia] rented time from trans-national criminal syndicates on botnets.
"On 10 May, it appears that the attackers' time on the rented servers expired, and the botnet attacks fell off abruptly."
ATCA claims that the denial-of-service attacks used very large packets of information streams to clog government websites, banks and newspapers.
"The cyber-attacks are from Russia. There is no question. It is political," said Merit Kopli, editor of Postimees, one of the two main newspapers in Estonia which were targeted.
ATCA is suggesting setting up an international task force to monitor such attacks and prevent them happening again. This would include online monitoring but would have a physical arm to go after those coordinating the attacks.
"In the future, when seeking to protect the critical infrastructure constituents and business digital systems at a national level, the economically prudent way forward would be to combine knowledge management, analysis and count er-attack tools with on-the-ground human intelligence sources," the group stated.
"Surveillance and reconnaissance dashboards of digital systems would need to be managed by experienced counter-attack forces on a 24/7 basis. As in all wars, our collective national defences must excel enemy aggression."