I wonder if this is/was the amazing crypto breakthrough known as BULLRUN, or at least very similar. It seems likely that if academic researchers are now able to extract partial plaintexts from RC4 with nothing more than passive eavesdropping, it's possible that GCHQ/NSA has gone all the way.
It's kind of confusing. BULLRUN/EDGEHILL projects are umbrella cover terms: Secure Communities of Interest regarding general access to NSA/GCHQ (respectively) efforts to defeat network communication technologies such as TLS and IPsec, not particular individual cryptanalytic attacks, vulnerabilities, backdoors or techniques.
I think you want the PICARESQUE ECI compartment, specifically (TS//SI-PIQ). NSA are said to have had a "cryptanalytic breakthrough" which "surprised" GCHQ some years ago. Specific operational details are currently undisclosed, but there have been references to PIQ (PICARESQUE) blades at locations of some TEMPORA full-take feeds processing the (72-hour) network intercept ring buffers in nearline and providing passive decrypts on-site to the backend via crypt attacks. They have only one-way access, and aren't active/QUANTUM (MoTS/MiTM) attacks, or PAWLEYS (key-stealing) attacks. The prevalence of RC4 within TLS (and other protocols) at the time, that it apparently directly provides plaintext decrypts, and RC4's relative weakness, suggest it as the most likely candidate for attack.
So, no, don't use RC4! …not that I've had the opportunity to reverse any of these blades recently, you understand…
