The Iran-linked group OilRig has been conducting cyber espionage since at least 2015. Its latest escapade involves Internet Information Services (IIS) servers that have been used by other Middle Eastern government organizations. The group installs a secondary backdoor, called RGDoor, on top of its primary backdoor; RGDoor can reopen a system even after it has been fixed. Its use shows how sophisticated nation-state attacks are becoming, says Palo Alto Networks Inc. The backdoor within the backdoor is functional and works by different methods than the primary backdoor.