There are only four billion IPv4 addresses. A modest botnet containing only 1000 nodes, each scanning one IP a second, can scan the entire space every month and a half.
This is typical. I ran a betting pool (in minecraft) with my friends on which country the latest unauthorized connection attempt was from. Prior to 2022 the safe money was Russia.
It would appear that your router is already proactively denying requests from known-bad connections. That's good, but not sufficient.
If you expose SSH, use a public key or a strong (>128 bit strength) random password. Keep all port-forwarded software up to date to limit vulnerabilities. Use containers or virtual machines to limit the impact of a vulnerability.