As i understand you require an E5 license to setup simulated attacks in the Security and Compliance center. Do users in your organisation who you are targeting also need an E5 license or is it only the people who are setting up the simulated attacks who need an E5 license?
Attack Simulator is part of the E5 SKU or Office 365 Threat Intelligence add-on. This allows you to perform Attack Simulations. However, similar to Customer Lockbox license requirements, and for example ATP license requirements for Shared Mailboxes, I suspect it is a license requirement of the mailbox the SKU targets, not the operator (look at it as a add-on service to the mailbox, not the tenant). Do note I'm not an official spokesperson :)