Wasn't this thought impossible with LTE, I thought older bands were only susceptible to this attack.

Classic 2G stingrays are a lot less complicated, but attempts to secure the IMSI haven't properly been implemented until 5G came around. Even then, the IMSI has been replaced with encryption and temporary identifiers your carrier knows belongs to you, and if law enforcement comes in with a warrant they can get those replacement identifiers from your carrier regardless.

You can't get the IMSIs passively anymore, but LTE doesn't make these attacks impossible, just less practical, especially for criminals that don't have warrants on their side.

You can collect IMSI passively over LTE: https://github.com/SysSec-KAIST/LTESniffer

You can just jam everyone in the area and see who reconnects.

>In order to maintain an uninterrupted connection to a target’s phone, the Harris software also offers the option of intentionally degrading (or “redirecting”) someone’s phone onto an inferior network, for example, knocking a connection from LTE to 2G. [1]

>In its most basic functionality, the [LTE] IMSI catcher receives connection/attach request messages from all mobiledevices in its vicinity. These attach messages are forced to disclose the SIM’s IMSI, thus allowing the IMSI catcher to retreive the IMSI for all devices in its vicinity... a fully LTE-based IMSI catcher is possible, very simple and very cheap to implement without requiring to jam the LTE and 3G bands to downgrade the service to GSM. [2]

Exploits on 5G to retrieve the IMSI. [3]

[1] https://theintercept.com/2016/09/12/long-secret-stingray-man...

[2] https://arxiv.org/abs/1607.05171

[3] https://arxiv.org/abs/1809.06925

5G standalone is not transmitting IMEI in plain text ever to my knowledge.