That might explain why I was getting more than the expected number of ssh root login attempts from Chinese IP addresses on the router I put on a Hyperoptic connection in place of the supplied one.
You expect to get bots trying to exploit ssh, but from all around the world. These were from (mostly) one particular (large) Chinese ISP, and persisted over a period of months. It might just be a coincidence, but who knows?
I tend to regard ISP-supplied CPE with a fair amount of suspicion. At least I know (or can teach myself) how to set up a basic router. Lots of people can't (or won't), and that 's a problem for which I have no reasonable solutions.