Hackers are exploiting a security vulnerability in SAP business software that dates back to 2010.
The US Computer Emergency Response Team (US-CERT) has warned that at least 36 enterprises are at risk of attack if they're running outdated or misconfigured SAP software.
The problem was uncovered by Onapsis, a firm that specialises in securing SAP and Oracle business applications.
One of the companies at risk is a top-10 highest annually grossing global enterprise, and more than a dozen of the affected companies generate over $10bn in annual revenue.
Onapsis refused to name any of the potentially affected firms, Reuters reported, but said that it found customers in the US, UK, China and Germany.
"We regard these [known victims] as just the tip of the iceberg, as well as an irrefutable answer to the question: 'Are SAP applications being attacked?'" Onapsis said in its report.
The US-CERT alert released on Wednesday warned that a hacker who exploited the vulnerability could gain full access to an affected SAP platform, giving them "control of the business information and processes on these systems, as well as potential access to other systems".
Mariano Nunez, chief executive of Onapsis, said: "This is not a new vulnerability. Still, most SAP customers are unaware that this is going on."
SAP explained that the vulnerable feature was fixed in a software update six years ago. "All SAP applications released since then are free of this vulnerability," the company said in an emailed statement, cited by Reuters.
However, SAP acknowledged that these changes were known to break, or disable, customised software developments that many customers had implemented using older versions of SAP's programming language.
US-CERT urged administrators to scan systems for vulnerabilities and apply the appropriate fixes ASAP.
To hear more about security challenges, the threats they pose and how to combat them, sign up for V3 sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago