Since 2018, criminal actors have been conducting big game hunting (BGH) campaigns, using ransomware such as Dharma to target large organizations and governments for financial gain. The CrowdStrike Falcon OverWatch and Intelligence teams have identified that Dharma continues to operate under a ransomware-as-a-service (RaaS) model, with tactics that include brute-forcing Remote Desktop Protocol (RDP) connections, credential harvesting, and disabling security software. Despite the departure of Dharma's original author, the ransomware has been sold by independent actors, and its code remains largely unchanged across variants. The attacks exhibit consistent techniques, including the use of publicly available tools such as PCHunter and ProcessHacker for defense evasion, and Mimikatz for credential access. Dharma affiliates often gain initial access through RDP, rely on automated tools for brute-forcing, and use scripts to disable system defenses before encrypting data and demanding a ransom. The campaigns are expected to continue, underscoring the need for robust security solutions like CrowdStrike's Falcon platform, which offers machine learning and behavioral prevention to mitigate such threats.
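The sequence described above, a burst of failed RDP logons ending in a success and followed by the named tools running on the same host, can be written as a correlation rule over Windows Security events (4625 failed logon, 4624 successful logon, 4688 process creation). The Python below is an added example, not CrowdStrike's detection logic; the key=value log rendering, the threshold, the window and the function names are assumptions, and every event is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

TOOLS = ("pchunter", "processhacker", "mimikatz")  # tools named in the text above
FAIL_THRESHOLD = 5                # assumed: failed logons needed before a success is suspicious
WINDOW = timedelta(minutes=10)    # assumed: look-back window for those failures
RDP_TYPES = ("3", "10")           # Network (RDP with NLA) and RemoteInteractive logon types

# Constructed events in a simplified key=value rendering of Security log fields.
SAMPLE_EVENTS = [
    f"2020-04-01T02:00:{s:02d} host=SRV1 id=4625 type=3 src=203.0.113.7 user=administrator"
    for s in range(0, 30, 5)
] + r"""
2020-04-01T02:00:40 host=SRV1 id=4624 type=10 src=203.0.113.7 user=administrator
2020-04-01T02:05:00 host=SRV1 id=4688 image=C:\Users\Public\PCHunter64.exe user=administrator
2020-04-01T02:09:00 host=SRV1 id=4688 image=C:\Users\Public\mimikatz.exe user=administrator
2020-04-01T09:00:00 host=SRV2 id=4625 type=3 src=198.51.100.20 user=itadmin
2020-04-01T09:00:20 host=SRV2 id=4624 type=10 src=198.51.100.20 user=itadmin
2020-04-01T09:10:00 host=SRV2 id=4688 image=C:\Tools\ProcessHacker.exe user=itadmin
""".strip().splitlines()

def parse(line):
    """Split 'timestamp k=v k=v ...' into a dict with a parsed 'ts' field."""
    ts, rest = line.split(" ", 1)
    ev = dict(kv.split("=", 1) for kv in rest.split())
    ev["ts"] = datetime.fromisoformat(ts)
    return ev

def detect(lines):
    fails = defaultdict(deque)   # (host, source IP) -> timestamps of failed logons
    suspect_hosts = set()        # hosts with a success that followed a failure burst
    alerts = []
    for ev in map(parse, lines):
        key = (ev["host"], ev.get("src"))
        if ev["id"] == "4625" and ev.get("type") in RDP_TYPES:
            fails[key].append(ev["ts"])
        elif ev["id"] == "4624" and ev.get("type") in RDP_TYPES:
            recent = fails[key]
            while recent and ev["ts"] - recent[0] > WINDOW:
                recent.popleft()             # drop failures outside the window
            if len(recent) >= FAIL_THRESHOLD:
                suspect_hosts.add(ev["host"])
                alerts.append(("rdp_bruteforce_success", ev["host"], ev["src"], ev["user"]))
        elif ev["id"] == "4688" and ev["host"] in suspect_hosts:
            # Name match only: a renamed binary is missed, so treat this as one signal.
            tool = next((t for t in TOOLS if t in ev["image"].lower()), None)
            if tool:
                alerts.append(("tool_after_bruteforce", ev["host"], tool, ev["user"]))
    return alerts
```

SRV2 is included as the quiet case: one mistyped password followed by a logon, and an administrator running ProcessHacker, raise nothing because the tool alert is conditioned on the preceding brute-force pattern.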