Exactly that. They are including an encapsulation option on their client package and running something on the server side to listen/decode the TCP and shove it back into udp. I have run a wireguard server behind udptunnel for the same reasons in the past and it looks like they are simply setting their own internal standard.