Not necessarily the same thing, it could easily be a small leased block using NAT to offer service to more customers in that case. The reseller has a commercial account, yes, but that doesn’t mean you get exclusive access to an address in that block (very unlikely unless you are dropping big money.) Nothing you have said so far rules out being behind a NAT.
CGNAT uses RFC 6598 and a particular type of NAT, not all are created equal. Port forwarded public address space doesn’t mean you aren’t sharing the address, just that you can bind one of the ports in the space and expect that traffic to reach you. Thats what most ISPs do, if your server is being a router at home you are going through a minimum of a single NAT layer, usually 2. That’s literally what port forwarding is, forwarding traffic from one address and port to another on a different subnet (or a different machine on the same subnet. You see this often with separate DNS and DHCP servers in enterprise networks.) CGNAT specifically messes with port forwarding because it assigns traffic somewhat arbitrarily and the user has no control of the routing. That’s why you have to use reverse connections to get around them: you can establish an outgoing connection then use it to serve data, you just don’t have a public address that can be guaranteed to point to your machine.
Not all NAT is CGNAT, and not all NAT disallows incoming connections. I don’t understand how everyone thinks it’s reasonable to assume that A. your whole network has been compromised or B. that it would benefit the attacker in any way to use your connection to download movies. They use a crap modem, that’s why it crashes often, and using IKWYD without knowing how DHT and IPv4 addressing works is just causing paranoia through ignorance.