doliver10,
From my own experience, here is my answers to your questions:
Why is this happening and what can be done to stop it? Because the Internet is rife with this kind of activity, especially since Covid caused many more people to rely on the Internet for remote work, school, etc., so black hat hackers and nation states are trying to profit from or gain political or financial leverage by exploiting unsecure systems. There is nothing you or I can do, except to attempt to keep our Internet exposed systems updated, and hardened.
Is this something I should worry about? No, not really, except to make sure that we consistently update software, and take preventative measures where necessary to keep our systems and networks secure. These include, but are not limited to, good passwords, frequent backups, good IPsec, filesystem and network sanitation, careful user vetting, and continued self education to be aware of the known issues, present threats, and how to fix/patch them.
What do I need to do? One suggestion I have is to take your FBX off of the DMZ, or other direct exposure to the Internet, and use port forwarding on your Internet facing router to open only the ports you need exposed for your FBX services. I know that this is not necessarily the Freedombox default/recommended approach, but it works well for me.
I do that, because I was having such a problem with (primarily) large volumes of Chinese brute force attacks against my FBX, and other services on servers I have operated in the past. After I did that configuration change alone, it essentially stopped all of the unwanted traffic to my FBX, and I was still able to use my FBX services outside my LAN normally.
Just understand that things are not going to change, unless attackers have nothing to exploit, which is highly unlikely at this point. Asking for help was a great step on your part. Also, educating yourself with regard to security on the public facing server(s) you administer will be tantamount to your success with keeping said servers from getting hacked. That risk will always exist, as long as you have that/those servers exposed to the Internet.
Just keep in mind, Freedombox is very secure, it is designed with IPsec in mind, it is based on Debian, which IMHO, is one of the most secure operating systems in the world, so more than likely, your system has not been seriously compromised, and you should not worry too much, just keep an eye on things, and make sure to keep asking questions! Remember this: for every bad actor on the Internet, there are 5 or 10 people that are here to help/do the right thing/be good/not be evil!