No one has so far fully and explicitly connected the noms-de-hack of those behind the Twitter incident with natural persons. The New York Times followed the trail from chatter on Discord, and concluded that the hack was the work of three people, probably young, at least two of whom shared an interest in collecting interesting Twitter accounts. Two of them ("ever so anxious" and "lol") appear to have been involved in Bitcoin scams before. The apparent originator of the hack, "Kirk," enlisted them as middlemen to sell hijacked accounts. "Kirk" is thought to have obtained access to a Twitter Slack channel, where, Mashable explains, he found credentials posted. The hackers progressed to a celebrity Bitcoin scam.
How "Kirk" got so far is unclear: Twitter hasn't elaborated beyond saying, Saturday, "The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections."
Apologies are apparently due "PlugWalkJoe," whom KrebsOnSecurity identified as the moving intelligence behind last week's Twitter hack. His involvement was tangential: he was a customer. He acquired the Twitter account @6 from one of the hackers ("ever so anxious"), but that, the New York Times concluded, was the extent of his involvement.
The Washington Post collects expert opinions about Russian and Chinese hacking of COVID-19 vaccine research and finds they differ over how to respond, and even whether the hacking represented legitimate intelligence collection. The BBC reports the Russian ambassador to London says Russia didn't do it.