"This is all a bit fishy, if the companies own the machines in question then they can self-sign and include their own self-signed certificate in their own machine's certificate stores."
True, but I'm guessing this is aimed at small companies without the resources to do their own CA. To you and me it's not that hard to do, but I can think of several small business owners I know that wouldn't have the slightest idea.
That being said, I'd be shocked, SHOCKED! if given the locations of the CAs we're talking about (China and Egypt, right?) there wasn't something else going on.