The group’s persistence is ensured by creating scheduled tasks and employing encryption methods like SHA256 hashing and the Salsa20 algorithm to transmit sensitive data to a command and control server named iceandfire[.]xyz.