DC microgrids (MGs) are cyber-physical systems (CPSs) prone to cyber attacks which could disrupt the normal operation of DC MGs. Accurate estimation of the attack vector is crucial to recover correct signals from compromised measurements for safe DC MG operation, while it has not been effectively achieved by existing methods and the accuracy is challenged by unmodeled uncertainties in practical power electronic converters. This paper proposes a digital twin (DT)-based cyber attack detection and mitigation scheme for DC MGs. First, the lightweight radial basis function neural network (RBFNN) is adopted to compensate for the mismatch between the ideal model and the real system for accurate converter modeling. Second, a composite descriptor observer-based local DT is designed to achieve accurate estimations of attack signals and correct observations of converter states. In addition, a global DT is developed at the system level to accurately estimate and eliminate cyber attacks in the secondary control. As a result, the proposed method can mitigate attacks by replacing the corrupted signals with estimated true values provided by DT, leading to accurate and stable operation of the system. Finally, simulation and experimental results are given to validate the effectiveness of the proposed method.