by paledot 1357 days ago
Sadly, SIM cloning attacks start by social engineering a cell phone support person into sending the attacker a replacement for the SIM they "lost".

You're thinking of SIM swapping attacks. SIM cloning is much harder without breaching the SIM manufacturer (often Gemalto or another giant vendor).

Rerouting traffic with a malicious home location record (like what was done to Merkel for years), or changing the eSPID/NNID for a number's texting enablement is much easier than doing a SIM swap, and you can usually avoid detection too.

The irony of SIM cards being a cryptographically strong smart card and then carriers let their employees give out replacement SIMs left and right. Ah, humans.

Fun fact: SIM cards can run applets based on Java. That’s how mobile payments are able to work in developing nations. I think there was a DEFCON talk about it a few years ago.