Can India be used as a backdoor into your network?

From the Time of India:

NEW DELHI: China’s cyber warfare army is marching on, and India is suffering silently. Over the past one and a half years, officials said, China has mounted almost daily attacks on Indian computer networks, both government and private, showing its intent and capability. ( Watch: ‘China's cyber intrusion a threat’ )

The sustained assault almost coincides with the history of the present political disquiet between the two countries.

According to senior government officials, these attacks are not isolated incidents of something so generic or basic as "hacking" — they are far more sophisticated and complete — and there is a method behind the madness.

Well, the article throws a lot different terminology together and doesn't provide a lot of new information compared to our previous posts on targeted attacks. Wether it be Russians, Chinese or whatever, their government AND private networks are under attack.
But as I was reading the article, I had an insight. A lot of big companies today are outsourcing the development of their software to India or have been for a while. And of course, to provide support, a lot of companies will need to open up their network to this external partner for remote access. It doesn't matter if it's by VPN or not (preferably it will be), attackers might piggyback through the network of your outsourcing partner. How secure is their network?

Are you sure they didn't copy user data to test their new application to their systems? Did they sanitize it? European privacy laws also come into mind.

So be sure to do a proper risk analysis and prepare proper procedures and legal agreements between different parties. And monitor, monitor and monitor their activities.

Your network might be impenetrable from the outside but consider the risks from (trusted) third parties. This sheds another whole new light on attacks by organized (or state sponsored) crime in India.