A Top Secret NSA analyst's report published by The Intercept suggests that, in August 2016, the Russian General Main Staff Intelligence Directorate (GRU) hacked into an election-related hardware and software vendor in the US. The GRU then used data from the company for at least two "spear phishing" campaigns against local government officials associated with elections—including one attack close to the election that appeared to target officials dealing with absentee ballots. The report was based on information that only became available in April of this year, and the NSA report does not reveal the name of the company.
Within an hour of the story's publication, the FBI announced the arrest of the alleged source of the leaked report. Reality Leigh Winner was arrested at home in Augusta, Georgia, after an NSA audit identified her as the person who printed and removed the report from a secure facility. The Intercept had turned over a copy of the report to the NSA to verify its provenance while asking for comment. After analysis of the document showed that it had been folded up, suggesting it had been printed, the NSA determined only six employees had access to the document, and only Winner had been in e-mail contact with The Intercept.
Seven e-mail accounts at the vendor company were targeted with a method similar to the method that obtained access to e-mail accounts used by members of the Clinton campaign earlier in 2016, according to the text of the report. At least one of those accounts appears to have been compromised, as information from the company was then used in two separate sets of e-mails with malicious attachments sent to election officials just days before the election.