As reported by many news like Bleeping Computer:
Veeam exploit CVE-2023-27532 is currently used to steal credentials from configuration files.
However it’s important to note that first attack vector used to get access isn’t a Veeam product, but stolen credentials of critical servers RDPs accessible via internet AND Microsoft Zerologon exploit.
Patch for Veeam’s products was already released in March of this year:
and as mentioned several times, best practices says that Veeam servers must not be accessible from the Internet.
Are you new? Read these: