Because there is no entry for arming and disarming in the M1 log, the M1 is not being armed or disarmed. Even if someone was able to gain remote access to arm/disarm, the M1 log would show it. Because it doesn’t show it, it is not happening.
Cellular providers do not guarantee text messages. Because of that you may lose or not receive some or receive duplicates of others. It sounds like you’re receiving duplicates. It could be that the M1XEP cannot verify the message was successfully delivered to your SNMP server, so it sends it again. A few months ago when Gmail, Yahoo and perhaps others implemented the App Password feature (learn more https://www.elkproducts.com/email-security-settings-using-app-passwords-for-gmail-and-yahoo-with-the-m1xep/ ) there were several scenarios email/text not being sent then all at once they all were received.
The apparent attacks you see on your router are nothing new. Everyone gets them. Most don’t even know it. There are thousands of bad-actors in the world that set up automated programs to scan IP addresses and ports on each IP address. If they think they found a live address, they will perform targeted probes against known applications, devices, and services. That is likely what your app is detecting. Rest assured that the M1XEP is well-protected from any scan, probe or attack, so long as you’ve chosen a good password for in-coming connections.
So, to sum up, no one is hacking your M1. The spurious text messages you receive are probably re-transmissions of messages that were already successfully sent.