Access to private WireGuard keys in compromised sys-vpn?

Quick question:

Suppose I have a sys-vpn that uses Wireguard and contains a bunch of WG configuration files in its /etc/wireguard folder. The folder is typically root protected as the conf files contain private keys for the connection. This is the standard setup, AFAIK.

How hard would it be for an adversary to access those files? Is it one of those situations like privilege escalation, where if an adversary is already in position to access those files, I have much bigger things to worry about?