The attacks are brute-force attempts to authenticate to remote SSH servers, a tactic that has been used quite often in the past in distributed attacks. The attacks often come from a slew of different IP addresses and may come one right after another, with a number of attempts within a few minutes. It only takes a single user with a weak password for a foothold escalation to occur, then with that foothold escalation and further attacks are likely next. The SANS ISC recommend that organizations deploy their SSH servers on a port other than TCP 22 and disallow remote root logins as preventitive measures.
Source: https://threatpost.com/ssh-brute-force-attacks-resurface-061810/74128/

