The initial discussion of their policy violations happened on mozilla.dev.security.policy.
I think an ulterior motive is a bit far-fetched here. Their CA does not currently issue certificates to the general public, and I would expect if it ever does, it would be something along the lines of Amazon’s ACM, i.e. a free add-on to their cloud offerings and other products that support custom domains. They’re a platinum sponsor of Let’s Encrypt. They’re also not big fans of EV (their CA doesn’t have EV status either) and likely realize that there’s not a whole lot of money to be made with DV nowadays.
The decision seems reasonable to me. Symantec were caught issuing test certificates for domains they didn’t own a couple of years ago. This included some high-value domains like Google. They were caught and Google decided to require CT for all Symantec-issued certificates, in addition to asking Symantec to ensure something similar can’t happen again.
Something similar obviously did happen given the recently-discovered test certificates. Additionally, in the course of the investigation, it became obvious that various Registration Authorities were not sufficiently audited and trained. I can sympathise with the fact that Symantec is the oldest CA around (if you include their various acquisitions) and is dealing with a lot of legacy issues because of that, but if you contrast that with the work done by other CAs like DigiCert after their acquisition of another ancient root CA, it becomes clear that Symantec shouldn’t be trusted with the closest thing we have to the keys to the internet.