Haven’t we always known this? It’s the same concept as a Stingray device, which is used to spy on people because their devices connect to it automatically, assuming it’s a normal cell tower. People don’t know what tower they’re connected to, so if you connect to a “fake” or exploited tower, you’ve basically handed over the keys. This is essentially the same thing, but on a 5g network, which is presumably made up of even more nodes/towers.
4G had a lot of the same issues as 3G, but 5G was a complete redesign (including security).
It was supposed to have been way harder to break than previous generations.