The Intercept said the N.S.A. report had been submitted anonymously. But shortly after its article was published, the Justice Department said that the F.B.I. had arrested Ms. Winner at her house in Augusta, Ga., on Saturday. It also said she had confessed to an agent that she had printed out a May 5 intelligence file and mailed it to an online news outlet.
It was not immediately clear who is serving as the defense lawyer for Ms. Winner, who has been charged under the Espionage Act.
An accompanying F.B.I. affidavit said she has worked for Pluribus International Corporation at a government facility in Georgia since Feb. 13. While it did not identify the agency or the facility, the N.S.A. uses Pluribus contractors and opened a branch facility in the suburbs outside Augusta in 2012.
The F.B.I. affidavit said reporters for the news outlet, which it also did not name, had approached the N.S.A. with questions for their story and, in the course of that dialogue, provided a copy of the document in their possession. An analysis of the file showed it was a scan of a copy that had been creased or folded, the affidavit said, “suggesting they had been printed and hand-carried out of a secured space.”
The N.S.A.’s auditing system showed that six people had printed out the report, including Ms. Winner. Investigators examined the computers of those six people and found that Ms. Winner had been in email contact with the news outlet, but the other five had not. In a statement, the deputy attorney general, Rod J. Rosenstein, praised the operation.
“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,” he said. “People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”
Espionage Act charges carry a sentence of up to 10 years in prison, although conventional leak cases have typically resulted in prison terms of one to three years.
Once rare, leak cases have become far more common in the 21st century, in part because of electronic trails that make it easier for investigators to determine who both had access to a leaked document and was in contact with a reporter. Depending on how they are counted, the Obama administration brought nine or 10 leak-related prosecutions — about twice as many as were brought under all previous presidencies combined.
Mr. Rosenstein helped prosecute one of them, a case against James E. Cartwright, a retired four-star Marine general and a former vice chairman of the Joint Chiefs of Staff accused of disclosing classified information to reporters. General Cartwright pleaded guilty to lying to investigators about his conversations with journalists but was later pardoned by President Barack Obama.
Mr. Trump called for a crackdown in the context of leaks about what surveillance has shown about his own associates’ contacts with Russian officials. The report Ms. Winner is accused of leaking, by contrast, focuses on pre-election hacking operations targeting voter registration databases and does not mention the Trump campaign.
The American intelligence community has concluded that Russia conducted a broad influence campaign for the purpose of undermining Hillary Clinton’s candidacy and sowing doubts about the democratic process if she had won.
In October, when the Obama administration accused Russia of stealing and releasing Democratic emails, it also said there was a pattern of probing of voter registration-related systems that was traceable to Russian servers but stopped short of saying the Russian government was behind it. The intelligence report, citing unspecified information the N.S.A. obtained in April, suggests the government is now satisfied that Moscow was the culprit.
Both attacks described in the report relied on so-called spear phishing, a tactic that uses spoof emails to trick users into clicking links or opening attachments that then install malicious software on their computers. The G.R.U. sent the emails from two free American web-based email providers, Google’s Gmail and Microsoft’s Outlook.com, it said.
The first attack, on Aug. 24, involved an attack on an American company “evidently to obtain information on elections-related software and hardware solutions.”
That attack was most likely successful. The report said the G.R.U. used data most likely obtained from it to conduct the second set of attacks, a “voter registration themed spear-phishing campaign targeting U.S. local government organizations.”
Specifically, it said, in late October or early November, the G.R.U. sent to 122 local elections officials emails designed to look as if they were from that company and containing attachments designed to look like an updated system manual and checklist. Opening the attachment would download malicious software from a remote server, the report said.
The report masked the name of the software vendor, referring to it as “U.S. Company 1,” in keeping with standard minimization rules for intelligence reports based on surveillance. However, the report contained references to an electronic voter identification system used by poll workers and sold by VR Systems, a Florida company.
VR Systems’ website said its products were used by jurisdictions in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia and West Virginia. In a statement, VR acknowledged that there had been a problem, while stressing that none of its products dealt with vote marking or tabulation.
“When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all our customers and advised them not to click on the attachment,” it said. “We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result.”
The headline on an earlier version of this article incorrectly described the charge that Reality Leigh Winner is facing. It is for leaking, not espionage.