Sadly it is very common to see SSH brute force attacks.  Unless you really need SSH access to your Zyxel router, just disable it.

Log in, click the gear, click System, click SSH, then uncheck the box and click apply.  Do the same thing for TELNET and FTP.

You will still be able to administer your Zyxel from the HTTP interface inside your network.

If you do need this access to your router, you should specify IP addresses that are allowed to access it. For example if you use an AT&T smartphone, find its public IP address (go to and type in “my ip”). Then take that IP address and find the range of potential IP addresses assigned to the provider. Then allow that range to SSH to your Zyxel router.