I'm pretty sure Telegram runs their own dns with dynamic addresses and you can create a bunch of certificates for weird host names to dupe SNI.
Russia dedicated quite some resources to it and couldn't win. I don't think it had any chance unless they're willing to DPI 100% of traffic China style, but even then it's fundamentally impossible to tell random google cloud/aws website api traffic from telegram.
