UNC Path Injection is an attack that we consider to have originated in the 1990s. Its exact origins are difficult to trace, but the mid-1990s were a period of tremendous growth in adoption of the Windows NT operating system, and anecdotally that seems to be the operating system on which some of the early UNC Path Injection attacks occurred.
The premise of a UNC Path Injection attack is that a "bad actor" (a malicious person) could ask you to click a link that supposedly pointed to some valuable resource -- like a document or a presentation -- and that you could click the link and have that document or presentation pop up on your screen. The legitimate use of UNC Paths was mostly within a company -- e.g. a head of marketing giving a head of sales a link to a sales presentation.
But in the mid-1990s, as email was becoming more commonplace, cyber criminals realized that they could use something that conventionally had been used for internal communications, even if they were attacking from outside that organization. An outside attacker preying on an internal company employee could potentially get that employee to click on a UNC Path (potentially sent to them via email). And that UNC Path might be one that was less than benign -- it could (for example) be a UNC Path that caused an employee to accidentally launch a program that took some malicious action on their data or configuration. Most attacks of that nature relied on the UNC Path Injection technique (although it may not yet have been known by that name).
Here's the rub. If you read the above paragraph again, it sounds a whole lot like the technique that we currently refer to as phishing. Let's look at the similarities:
See the similarity in the attack vector? We do.
Although we don't have an airtight lineage demonstrating that the earliest phishing attacks were inspired by UNC Path Injection, we see a valuable lesson here. When a new hacking TTP (Tactic, Technique, or Procedure) emerges, we can learn a lot from the past -- by thinking back to prior hacks that resemble it -- and thinking through what mitigations were (and weren't) effective in that prior attack.
In the case of phishing and UNC Path Injection, the most effective mitigations have much in common:
We may never know whether the earliest phishing attacks were directly inspired by UNC Path Injection or not -- but the similarities give us a huge head start in terms of thinking about how to stay safe. When some future attack involving some different type of clickable link arises, we'll be able to look back on both UNC Path Injection and on phishing, and carry forward some of the good lessons that we've learned the hard way over the years.
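The premise described earlier (a UNC Path that arrives by email but points outside the organization) can be checked mechanically. The following is an added example, not code from the original article: it scans a message body for `\\host\share` and `file://host/...` references and reports those whose host is not a known internal server. The internal host names, the sample message, and the function names are assumptions made for illustration.

```python
import re

# Assumptions (hypothetical): names of the organization's own file servers.
INTERNAL_HOSTS = {"fileserver01"}
INTERNAL_SUFFIXES = (".corp.example",)

# \\host\share\... as typed in a message body or an href attribute
UNC_BACKSLASH = re.compile(r'\\\\([^\\/\s"\'<>]+)\\[^\s"\'<>]+')
# file://host/... and file:////host/...; file:///C:/... has no host and is skipped
FILE_URL = re.compile(r'file:/{2}(?:/{2})?([^/\s"\'<>]+)/[^\s"\'<>]*', re.I)

def find_unc_targets(text):
    """Return (host, matched_text) for each UNC-style reference, in message order."""
    hits = []
    for rx in (UNC_BACKSLASH, FILE_URL):
        for m in rx.finditer(text):
            hits.append((m.start(), m.group(1).lower(), m.group(0)))
    return [(host, raw) for _, host, raw in sorted(hits)]

def is_internal(host):
    """True when the host is one of the organization's own servers."""
    return host in INTERNAL_HOSTS or host.endswith(INTERNAL_SUFFIXES)

def external_unc_links(text):
    """UNC references whose host is not one of the organization's servers."""
    return [(h, raw) for h, raw in find_unc_targets(text) if not is_internal(h)]

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = r'''Hi team, the deck is at \\fileserver01\sales\q3.pptx
Invoice attached: <a href="file://files.vendor-portal.example/docs/invoice.doc">view</a>
Backup copy: \\203.0.113.7\share\deck.pptx
Local notes: file:///C:/Users/me/notes.txt
Archive: \\nas.corp.example\archive\2019
'''

if __name__ == "__main__":
    for host, raw in external_unc_links(SAMPLE):
        print(f"external UNC target {host}: {raw}")
```

Any host form the allowlist does not recognize is reported as external, so unusual spellings of a server name fail toward review rather than being passed.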