Classic 2G stingrays are a lot less complicated, but attempts to secure the IMSI haven't properly been implemented until 5G came around. Even then, the IMSI has been replaced with encryption and temporary identifiers your carrier knows belongs to you, and if law enforcement comes in with a warrant they can get those replacement identifiers from your carrier regardless.

You can't get the IMSIs passively anymore, but LTE doesn't make these attacks impossible, just less practical, especially for criminals that don't have warrants on their side.

They can use standardized lawful interception interfaces to get all this data.

No big need to dig down deep into the radio and protocol layer.